1. #1

    Cool How to remove Astromenda

    Hi, have a laptop that has caught Astromenda, took over IE11 home page and WILL NOT go, however many times I rename home page etc. IObit and Superantispyware are both blissfully unaware it is there, and the web is full of advice to uninstall it, though it does not show up on the uninstall list.

    I'm surprised there are no other entries on this one yet. We had it a few months ago, and it was a devil to get rid of, but can't recall what worked. As you can see, not the best techie around!

    Grateful for any help


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,472

    Re: How to remove Astromenda

    Hi, nimzo. Welcome to Sysnative.

    We will do our best to assist you. Please provide the logs as requested in the Malware Removal Posting Instructions.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: How to remove Astromenda

    Quote Originally Posted by Corrine View Post
    Hi, nimzo. Welcome to Sysnative.

    We will do our best to assist you. Please provide the logs as requested in the Malware Removal Posting Instructions.
    Thanks Corinne, here is the FRST result:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
    Ran by mrsmr_000 (administrator) on POOTER on 11-05-2015 06:04:13
    Running from D:\
    Loaded Profiles: mrsmr_000 (Available profiles: Martin & mrsmr_000)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
    (IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    () C:\Program Files\Memopal\MemopalCrawler.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
    () C:\Program Files\TrueColor\TrueColorALS.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
    (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
    (IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
    () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3059360 2012-06-03] (Dell Inc.)
    HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [18785776 2014-04-30] (Entertainment Experience)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2014-05-07] (Synaptics Incorporated)
    HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
    HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5768992 2015-03-03] (IObit)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Run: [Google Update] => C:\Users\mrsmr_000\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-13] (Google Inc.)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2529088 2014-04-09] (IObit)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
    ShellIconOverlayIdentifiers: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Memopal\ShellExtensionx64\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Memopal\ShellExtensionx64\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Memopal\ShellExtensionx64\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Memopal\ShellExtensionx64\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers-x32: [01MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Memopal\ShellExtension\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers-x32: [02MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Memopal\ShellExtension\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers-x32: [03MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Memopal\ShellExtension\ShellExtension.dll [2014-10-28] ()
    ShellIconOverlayIdentifiers-x32: [04MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Memopal\ShellExtension\ShellExtension.dll [2014-10-28] ()
    BootExecute: autocheck autochk * SmartDefragBootTime.exe
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\Software\Microsoft\Internet Explorer\Main,Start Page = Astromenda Search=
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    SearchScopes: HKLM -> DefaultScope {05BD0032-2395-4E4D-AA4C-08A62C7820CF} URL = Vosteran Search=
    SearchScopes: HKLM -> {05BD0032-2395-4E4D-AA4C-08A62C7820CF} URL = Vosteran Search=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-11-13] (IObit)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
    BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
    FireFox:
    ========
    FF ProfilePath: C:\Users\mrsmr_000\AppData\Roaming\Mozilla\Firefox\Profiles\ujcoa4fi.default
    FF Homepage: www.google.co.uk
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-13] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
    FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
    FF Plugin HKU\S-1-5-21-2091344036-716997978-2294441580-1005: @tools.google.com/Google Update;version=3 -> C:\Users\mrsmr_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2091344036-716997978-2294441580-1005: @tools.google.com/Google Update;version=9 -> C:\Users\mrsmr_000\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
    FF user.js: detected! => C:\Users\mrsmr_000\AppData\Roaming\Mozilla\Firefox\Profiles\ujcoa4fi.default\user.js [2015-02-28]
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\mrsmr_000\AppData\Roaming\Mozilla\Firefox\Profiles\ujcoa4fi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-08]
    Chrome:
    =======
    CHR Profile: C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
    CHR Extension: (Google Docs) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
    CHR Extension: (Google Drive) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
    CHR Extension: (YouTube) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
    CHR Extension: (Google Cast) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-13]
    CHR Extension: (Google Search) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
    CHR Extension: (Google Sheets) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
    CHR Extension: (AdBlock) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-17]
    CHR Extension: (Bookmark Manager) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
    CHR Extension: (Google Wallet) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
    CHR Extension: (Gmail) - C:\Users\mrsmr_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
    R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [649024 2014-03-31] (IOBit)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
    R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-04-24] (Intel Corporation)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344864 2015-01-27] (IObit)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-09] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-04-24] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
    R2 Memopal Crawler; C:\Program Files\Memopal\MemopalCrawler.exe [2398712 2014-10-28] ()
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-21] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-04-16] (Realtek Semiconductor)
    R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-03-13] (IObit)
    R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [89072 2014-04-30] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-21] (Intel® Corporation)
    S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
    R2 bdfsfltr; C:\windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
    R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2014-11-10] (IObit)
    R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-16] (REALiX(tm))
    S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-09] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
    S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-09] (Intel Corporation)
    S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-09] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-04-03] ()
    R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-09] (Intel Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-04-16] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3494680 2015-04-16] (Intel Corporation)
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2014-11-10] (IObit.com)
    S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [70656 2013-06-18] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-04-16] (Synaptics Incorporated)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-05-07] (Synaptics Incorporated)
    S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
    R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2014-11-10] (IObit.com)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    R1 {8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64; C:\Windows\System32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64.sys [48784 2014-11-18] (StdLib)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-11 06:04 - 2015-05-11 06:04 - 00000000 ____D () C:\FRST
    2015-05-11 06:02 - 2015-05-11 06:02 - 00000794 _____ () C:\windows\setupact.log
    2015-05-11 06:02 - 2015-05-11 06:02 - 00000000 _____ () C:\windows\setuperr.log
    2015-04-28 21:04 - 2015-04-28 21:04 - 00001201 _____ () C:\Users\Public\Desktop\Smart Defrag 4.lnk
    2015-04-28 21:04 - 2015-04-28 21:04 - 00000000 ____D () C:\Users\mrsmr_000\AppData\IObit
    2015-04-28 21:04 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\windows\system32\IObitSmartDefragExtension.dll
    2015-04-28 21:01 - 2015-05-08 18:23 - 00000000 ____D () C:\Users\mrsmr_000\AppData\Roaming\Skype
    2015-04-28 21:01 - 2015-04-28 21:01 - 00002743 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-28 21:01 - 2015-04-28 21:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-04-28 21:01 - 2015-04-28 21:01 - 00000000 ____D () C:\Users\mrsmr_000\AppData\Local\Skype
    2015-04-28 21:01 - 2015-04-28 21:01 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-28 21:01 - 2015-04-28 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-28 20:59 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
    2015-04-28 20:59 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
    2015-04-28 20:59 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\windows\system32\rascfg.dll
    2015-04-28 20:59 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\rascfg.dll
    2015-04-28 20:58 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
    2015-04-28 20:58 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
    2015-04-28 20:58 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
    2015-04-28 20:58 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
    2015-04-28 20:57 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
    2015-04-28 20:57 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
    2015-04-28 20:57 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
    2015-04-28 20:57 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
    2015-04-28 20:57 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
    2015-04-28 20:57 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
    2015-04-28 20:57 - 2015-03-14 03:03 - 04179968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-04-28 20:57 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
    2015-04-28 20:57 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
    2015-04-28 20:57 - 2015-03-13 03:59 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2015-04-28 20:57 - 2015-03-13 03:38 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2015-04-28 20:57 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
    2015-04-28 20:57 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
    2015-04-28 20:57 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
    2015-04-28 20:57 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
    2015-04-28 20:57 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
    2015-04-28 20:57 - 2015-02-13 03:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2015-04-28 20:57 - 2015-02-13 02:46 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2015-04-28 20:57 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2015-04-28 20:56 - 2015-03-13 01:29 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
    2015-04-28 20:56 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
    2015-04-28 20:56 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
    2015-04-28 20:56 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
    2015-04-22 20:20 - 2015-04-22 20:21 - 00004982 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for POOTER-mrsmr_000 Pooter
    2015-04-22 13:51 - 2015-04-22 13:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-18 14:20 - 2015-04-19 21:51 - 00000000 ____D () C:\Users\mrsmr_000\Desktop\Ben work
    2015-04-16 21:37 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
    2015-04-16 21:37 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
    2015-04-16 21:37 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
    2015-04-16 21:37 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
    2015-04-16 21:37 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
    2015-04-16 21:37 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2015-04-16 21:37 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2015-04-16 21:37 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2015-04-16 21:37 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
    2015-04-16 21:37 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
    2015-04-16 21:37 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
    2015-04-16 21:37 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
    2015-04-16 21:37 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
    2015-04-16 21:37 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
    2015-04-16 21:37 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
    2015-04-16 21:37 - 2015-01-30 04:00 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
    2015-04-16 21:37 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll
    2015-04-16 21:37 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll
    2015-04-16 21:37 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\eappgnui.dll
    2015-04-16 21:37 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc42u.dll
    2015-04-16 21:37 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc42.dll
    2015-04-16 21:37 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappgnui.dll
    2015-04-16 21:37 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\eapp3hst.dll
    2015-04-16 21:37 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\windows\SysWOW64\atlthunk.dll
    2015-04-16 21:37 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\windows\system32\eapphost.dll
    2015-04-16 21:37 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapp3hst.dll
    2015-04-16 21:37 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\windows\SysWOW64\eapphost.dll
    2015-04-16 21:37 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\windows\system32\eappcfg.dll
    2015-04-16 21:37 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\windows\SysWOW64\eappcfg.dll
    2015-04-16 21:37 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\photowiz.dll
    2015-04-16 21:37 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\photowiz.dll
    2015-04-16 21:37 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-04-16 21:37 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2015-04-16 21:37 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
    2015-04-16 21:37 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-04-16 21:37 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2015-04-16 21:37 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2015-04-16 21:37 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2015-04-16 21:37 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2015-04-16 21:37 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\StorageContextHandler.dll
    2015-04-16 21:37 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\windows\SysWOW64\StorageContextHandler.dll
    2015-04-16 21:37 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\windows\explorer.exe
    2015-04-16 21:37 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
    2015-04-16 21:37 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\windows\system32\calc.exe
    2015-04-16 21:37 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\windows\SysWOW64\calc.exe
    2015-04-16 21:37 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
    2015-04-16 21:37 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
    2015-04-16 21:37 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\windows\system32\LockScreenContentServer.exe
    2015-04-16 21:29 - 2015-04-16 21:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2015-04-16 21:28 - 2015-04-16 21:28 - 00129312 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys
    2015-04-16 21:28 - 2015-04-16 21:28 - 00031472 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys
    2015-04-16 21:27 - 2015-04-16 21:27 - 03548592 _____ () C:\windows\system32\Drivers\Netwfw02.dat
    2015-04-16 21:27 - 2015-04-16 21:27 - 03494680 _____ (Intel Corporation) C:\windows\system32\Drivers\Netwbw02.sys
    2015-04-16 21:26 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2015-04-16 21:26 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2015-04-16 21:26 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2015-04-16 21:26 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2015-04-16 21:26 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2015-04-16 21:26 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2015-04-16 21:26 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
    2015-04-16 21:26 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2015-04-16 21:26 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2015-04-16 21:26 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
    2015-04-16 21:26 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
    2015-04-16 21:26 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
    2015-04-16 21:26 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2015-04-16 21:21 - 2015-04-16 21:22 - 00000000 ___SD () C:\windows\system32\GWX
    2015-04-16 21:21 - 2015-04-16 21:21 - 00000000 ___SD () C:\windows\SysWOW64\GWX
    2015-04-16 21:20 - 2015-04-16 21:20 - 00000000 ____D () C:\Program Files\Waves
    2015-04-16 21:19 - 2015-04-16 21:19 - 72113152 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCORES64.dat
    2015-04-16 21:19 - 2015-04-16 21:19 - 12975360 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVoiceAPO3064.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 11884288 _____ (Waves Audio Ltd.) C:\windows\SysWOW64\MaxxVoiceAPO30.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 07087448 _____ (Dolby Laboratories) C:\windows\system32\DDPP64A.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 05804772 _____ () C:\windows\system32\Drivers\rtvienna.dat
    2015-04-16 21:19 - 2015-04-16 21:19 - 04425816 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
    2015-04-16 21:19 - 2015-04-16 21:19 - 03691608 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioMeters64.exe
    2015-04-16 21:19 - 2015-04-16 21:19 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 02909552 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 02814832 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
    2015-04-16 21:19 - 2015-04-16 21:19 - 02041432 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01953864 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
    2015-04-16 21:19 - 2015-04-16 21:19 - 01945856 _____ (Creative Technology Ltd.) C:\windows\system32\MBAPO264.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01939800 _____ (Dolby Laboratories) C:\windows\system32\DDPD64A.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01713920 _____ (Creative Technology Ltd.) C:\windows\SysWOW64\MBAPO232.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01709272 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01499984 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO5064.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01360640 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO6064.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01298136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 01136728 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO4064.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00979280 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVoiceAPO2064.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00631000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00560328 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00397592 _____ (Creative Technology Ltd.) C:\windows\system32\MBWrp64.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00315736 _____ (Dolby Laboratories) C:\windows\system32\DDPO64A.dll
    2015-04-16 21:19 - 2015-04-16 21:19 - 00261464 _____ (Dolby Laboratories) C:\windows\system32\DDPA64.dll
    2015-04-16 21:12 - 2015-04-14 00:24 - 00792056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-04-16 21:12 - 2015-04-14 00:24 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-16 21:11 - 2015-05-10 20:00 - 00002878 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (mrsmr_000)
    2015-04-16 21:11 - 2015-05-09 09:15 - 00002177 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
    2015-04-16 21:11 - 2015-04-28 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
    2015-04-16 21:11 - 2015-04-16 21:11 - 00026528 _____ (REALiX(tm)) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2015-04-16 21:11 - 2015-04-16 21:11 - 00003236 _____ () C:\windows\System32\Tasks\Driver Booster Scan
    2015-04-16 21:11 - 2015-04-16 21:11 - 00003188 _____ () C:\windows\System32\Tasks\SmartDefrag4_Startup
    2015-04-16 21:11 - 2015-04-16 21:11 - 00003186 _____ () C:\windows\System32\Tasks\SmartDefrag4_Update
    2015-04-16 21:11 - 2015-04-16 21:11 - 00003180 _____ () C:\windows\System32\Tasks\Driver Booster Update
    2015-04-16 21:11 - 2015-04-16 21:11 - 00001308 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
    2015-04-16 21:11 - 2015-04-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
    2015-04-16 21:11 - 2015-04-16 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
    2015-04-16 21:11 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\windows\system32\SmartDefragBootTime.exe
    2015-04-16 21:11 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\windows\system32\Drivers\SmartDefragDriver.sys
    2015-04-16 21:10 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-04-16 21:10 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-04-16 21:10 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
    2015-04-16 21:10 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
    2015-04-15 11:05 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-04-15 11:05 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-04-15 11:05 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
    2015-04-15 11:05 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2015-04-15 11:05 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
    2015-04-15 11:05 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
    2015-04-15 11:05 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
    2015-04-15 11:05 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
    2015-04-15 11:05 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
    2015-04-15 11:05 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
    2015-04-15 11:05 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2015-04-15 11:05 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2015-04-15 11:05 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-04-15 11:05 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-04-15 11:05 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-04-15 11:05 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-04-15 11:05 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-04-15 11:05 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-04-15 11:05 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-04-15 11:05 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-04-15 11:05 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-04-15 11:05 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-04-15 11:05 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-04-15 11:05 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-04-15 11:05 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-04-15 11:05 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-04-15 11:05 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
    2015-04-15 11:05 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-04-15 11:05 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-04-15 11:05 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-04-15 11:05 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-04-15 11:05 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
    2015-04-15 11:05 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-04-15 11:05 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-04-15 11:05 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-04-15 11:05 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-04-15 11:05 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-04-15 11:05 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-04-15 11:05 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-04-15 11:05 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2015-04-15 11:05 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
    2015-04-15 11:05 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-04-15 11:05 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2015-04-15 11:05 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-04-15 11:05 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2015-04-15 11:05 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2015-04-15 11:05 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-04-15 11:05 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2015-04-15 11:05 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-04-15 11:05 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-04-15 11:05 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2015-04-15 11:05 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2015-04-15 11:05 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-04-15 11:04 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-04-15 11:04 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-04-15 11:04 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
    2015-04-15 11:04 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
    2015-04-15 11:04 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-04-15 11:04 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2015-04-15 11:04 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-04-15 11:04 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-04-15 11:04 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-04-15 11:04 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
    2015-04-15 11:04 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2015-04-15 11:04 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-04-15 11:04 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-04-15 11:04 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-04-15 11:04 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-04-15 11:04 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-04-15 11:04 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-04-15 11:04 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-04-15 11:04 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
    2015-04-15 11:04 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
    2015-04-15 11:04 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
    2015-04-15 11:04 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-11 06:02 - 2014-11-13 14:31 - 01827244 _____ () C:\windows\WindowsUpdate.log
    2015-05-11 06:01 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
    2015-05-10 21:29 - 2015-02-10 23:24 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005UA.job
    2015-05-10 21:28 - 2014-11-13 18:25 - 00000000 ____D () C:\Users\mrsmr_000\AppData\Local\Packages
    2015-05-10 21:22 - 2015-02-07 13:17 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-10 20:18 - 2014-11-13 21:18 - 00000534 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de049757-2982-4506-b251-b77cad7df684.job
    2015-05-10 20:18 - 2014-11-13 21:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-05-10 20:05 - 2014-03-18 10:53 - 00865408 _____ () C:\windows\system32\PerfStringBackup.INI
    2015-05-10 19:59 - 2015-02-07 13:17 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-10 19:59 - 2014-11-13 18:32 - 00000000 __RDO () C:\Users\mrsmr_000\OneDrive
    2015-05-10 19:59 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2015-05-10 19:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\windows\system32\config\BBI
    2015-05-09 09:15 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
    2015-05-07 16:36 - 2014-11-13 18:50 - 00000000 ____D () C:\Users\mrsmr_000\Documents\Recipies
    2015-05-07 16:34 - 2014-11-13 18:25 - 00000000 ____D () C:\Users\mrsmr_000
    2015-05-05 22:54 - 2014-11-13 15:00 - 00000296 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
    2015-05-05 22:29 - 2015-02-10 23:24 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005Core.job
    2015-05-05 22:13 - 2014-11-13 15:00 - 00000000 ____D () C:\ProgramData\ProductData
    2015-05-05 22:12 - 2014-11-13 14:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-05 20:18 - 2014-11-13 18:36 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2091344036-716997978-2294441580-1005
    2015-05-05 09:02 - 2014-11-13 22:15 - 00000000 ____D () C:\ProgramData\TEMP
    2015-05-02 08:22 - 2014-11-13 14:52 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-28 21:03 - 2013-08-22 15:44 - 00481880 _____ () C:\windows\system32\FNTCACHE.DAT
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\WinStore
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\PolicyDefinitions
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-04-28 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-04-28 21:02 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
    2015-04-28 21:02 - 2013-08-22 14:36 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
    2015-04-27 20:44 - 2014-11-19 07:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-20 02:00 - 2014-11-13 21:18 - 00000534 _____ () C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de19161f-8a40-4a51-8726-1b4912310136.job
    2015-04-19 22:08 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
    2015-04-16 21:45 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppCompat
    2015-04-16 21:20 - 2014-09-07 06:26 - 00340476 _____ () C:\windows\system32\Drivers\rtwavesskdy.dat
    2015-04-16 21:20 - 2014-09-07 06:26 - 00077866 _____ () C:\windows\system32\Drivers\RTWAVES30.dat
    2015-04-16 21:20 - 2014-09-07 06:26 - 00003160 _____ () C:\windows\System32\Tasks\RtHDVBg_MA3Firmware
    2015-04-16 21:20 - 2014-09-07 06:26 - 00003148 _____ () C:\windows\System32\Tasks\RTKCPL
    2015-04-16 21:20 - 2014-09-07 06:26 - 00003146 _____ () C:\windows\System32\Tasks\RtHDVBg_PushButton
    2015-04-16 21:20 - 2014-09-07 06:26 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
    2015-04-16 21:18 - 2014-11-14 23:52 - 00000000 ____D () C:\windows\system32\MRT
    2015-04-16 21:14 - 2014-11-14 23:52 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-04-16 21:11 - 2014-11-13 18:25 - 00000000 ____D () C:\Users\mrsmr_000\AppData\Roaming\IObit
    2015-04-16 21:11 - 2014-11-13 15:00 - 00000000 ____D () C:\ProgramData\IObit
    2015-04-16 21:11 - 2014-11-13 14:59 - 00000000 ____D () C:\Program Files (x86)\IObit
    2015-04-16 21:10 - 2014-12-26 10:16 - 00000000 ____D () C:\windows\system32\appraiser
    2015-04-16 21:10 - 2014-11-15 00:25 - 00000000 ___SD () C:\windows\system32\CompatTel
    ==================== Files in the root of some directories =======
    2014-11-13 23:00 - 2014-11-14 11:32 - 0001075 _____ () C:\Users\mrsmr_000\AppData\Roaming\SAS7_000.DAT
    2014-09-07 06:26 - 2014-09-07 06:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    Some content of TEMP:
    ====================
    C:\Users\Martin\AppData\Local\Temp\SetupO365HomePremRetail.x86.en-US_O365HomePremRetail_C38KN-CHYGK-D2DKF-YDDVD-RJM44_act_1_.exe

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-04-18 20:38
    ==================== End Of Log ============================

    And the Addition log:


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
    Ran by mrsmr_000 at 2015-05-11 06:04:53
    Running from D:\
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2091344036-716997978-2294441580-500 - Administrator - Disabled)
    Guest (S-1-5-21-2091344036-716997978-2294441580-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2091344036-716997978-2294441580-1003 - Limited - Enabled)
    Martin (S-1-5-21-2091344036-716997978-2294441580-1001 - Administrator - Enabled) => C:\Users\Martin
    mrsmr_000 (S-1-5-21-2091344036-716997978-2294441580-1005 - Administrator - Enabled) => C:\Users\mrsmr_000
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.1.0 - IObit)
    ChromecastApp (HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
    Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
    Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
    Firefox Packages (HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\Firefox Packages) (Version: - ) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
    Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{1D5C9D08-546D-4A7E-B0F1-F33E94257B09}) (Version: 5.0.10.2832 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{6e3d3c5f-ea0c-4457-850d-9dd60b6ab95a}) (Version: 16.8.0 - Intel Corporation)
    IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.0 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
    Maxx Audio Installer (x64) (Version: 2.6.5320.104 - Waves Audio Ltd.) Hidden
    Memopal (HKLM\...\Memopal) (Version: 4.0.0 - Memopal)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.2.08 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7460 - Realtek Semiconductor Corp.)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
    Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.1.0 - IObit)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.62 - Synaptics Incorporated)
    True Color (HKLM-x32\...\{f8476c72-fe9e-4c04-a537-40a60257e57d}) (Version: 2.0.0.1 - Entertainment Experience)
    True Color (Version: 2.0.0.1 - Entertainment Experience LLC) Hidden
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-2091344036-716997978-2294441580-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2091344036-716997978-2294441580-1005_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mrsmr_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2091344036-716997978-2294441580-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mrsmr_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    ==================== Restore Points =========================
    15-03-2015 16:33:31 Scheduled Checkpoint
    09-04-2015 13:29:05 Scheduled Checkpoint
    16-04-2015 21:10:32 Windows Update
    16-04-2015 21:19:24 Driver Booster : Intel(R) 8 Series LPC Controller (Premium SKU) - 9C43
    28-04-2015 20:58:25 Windows Update
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {0039B3DF-1FFA-46E0-9749-D3644E664FB2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {02B62C05-C336-4D69-BC8F-9814EBB22DCE} - System32\Tasks\RtHDVBg_MA3Firmware => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-16] (Realtek Semiconductor)
    Task: {06A5B87F-E218-4B76-8085-40F4728D77C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task de049757-2982-4506-b251-b77cad7df684 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {0EFBA9ED-127D-4125-AC5F-11110E1FFB40} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
    Task: {11A1FB4B-4211-4120-AAE8-9CE35DDA114E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-07] (Synaptics Incorporated)
    Task: {15AEC2AE-1F2C-45CC-9DA6-898CE9EA987F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-04-16] (Realtek Semiconductor)
    Task: {1DAF157D-0E9F-42B4-BC28-6E150861AB03} - System32\Tasks\SUPERAntiSpyware Scheduled Task de19161f-8a40-4a51-8726-1b4912310136 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
    Task: {20751FB5-29B0-4AB4-BE93-1C1200765E0D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {20C71DA3-022A-44E9-9B47-9E24F389847F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005UA => C:\Users\mrsmr_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
    Task: {245EF7AC-F5CD-47BD-AC5D-2D158C3A33A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {27A88E08-2ABE-4669-BEEF-636238461B69} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
    Task: {2F906CE2-B1C0-4CBD-A249-D5E6B31557A4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for POOTER-mrsmr_000 Pooter => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {47234EE7-D2EF-4CBC-9A1A-FC2AAC0B8ECE} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-16] (Realtek Semiconductor)
    Task: {4ADAA88E-F159-4A5F-9F0F-41AE3C54B0F5} - System32\Tasks\ASC7U_SkipUac_Martin => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2014-04-01] (IObit)
    Task: {4BA35835-AC6F-417F-8F93-AC2C54FC6AC9} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-02-05] (IObit)
    Task: {6DBC256D-31F3-494A-A10A-9085D4FCBDCF} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-09] (Intel)
    Task: {85274961-1751-4C56-BB18-A19C3742CE0E} - System32\Tasks\Driver Booster SkipUAC (mrsmr_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-02-05] (IObit)
    Task: {86620B2F-EBF1-400E-A3CC-4209EDDE7CE9} - System32\Tasks\ASC7U_SkipUac_mrsmr_000 => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2014-04-01] (IObit)
    Task: {91031F88-AF3A-43F1-91BC-8C3127EFF177} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2091344036-716997978-2294441580-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {98E58476-6490-4126-BE45-021111F803BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005Core => C:\Users\mrsmr_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
    Task: {A8F444AC-BD04-4C62-A00F-6C92A7DD48F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {ABA31CC3-5839-403A-AD94-519DD1C20614} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-02-04] (IObit)
    Task: {AC0EC125-CF2D-463A-96C0-0263C732AC62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
    Task: {B37863DF-6CA2-4A95-A473-3E17917706D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
    Task: {B53E265F-5E84-4B1D-B026-422DF2C668C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {C06F7A34-CB97-49F6-BE32-5E5E3A0A3D8D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {CED3E479-ADD4-44DB-950E-04EF6DD349BE} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-10] (IObit)
    Task: {D8A2F0EC-CE54-4332-B9E6-44F5F75BFF66} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2014-02-24] (IObit)
    Task: {D970AF11-F357-47EB-9E70-E94080940E04} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-04-28] (IObit)
    Task: {F0E70904-C4A7-4173-B4CA-831197583D60} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
    Task: C:\windows\Tasks\ASC7U_SkipUac_Martin.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
    Task: C:\windows\Tasks\ASC7U_SkipUac_mrsmr_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005Core.job => C:\Users\mrsmr_000\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2091344036-716997978-2294441580-1005UA.job => C:\Users\mrsmr_000\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de049757-2982-4506-b251-b77cad7df684.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task de19161f-8a40-4a51-8726-1b4912310136.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    ==================== Loaded Modules (whitelisted) ==============
    2013-09-17 16:54 - 2013-09-17 16:54 - 00466944 _____ () C:\windows\system32\DPPPlugin.dll
    2015-02-20 09:01 - 2015-02-20 09:01 - 00022528 _____ () C:\windows\System32\us001lm.dll
    2015-05-05 06:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-04-24 20:24 - 2014-04-24 20:24 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2014-04-24 20:24 - 2014-04-24 20:24 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2014-04-24 20:24 - 2014-04-24 20:24 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
    2014-04-24 20:24 - 2014-04-24 20:24 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-10-28 18:14 - 2014-10-28 18:14 - 02398712 _____ () C:\Program Files\Memopal\MemopalCrawler.exe
    2014-04-30 14:20 - 2014-04-30 14:20 - 00089072 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
    2015-02-20 09:01 - 2015-02-20 09:01 - 01603584 _____ () C:\windows\system32\spool\DRIVERS\x64\3\us001du.dll
    2015-03-17 19:18 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-10-28 18:14 - 2014-10-28 18:14 - 02142200 _____ () C:\Program Files\Memopal\ShellExtensionx64\ShellExtension.dll
    2014-11-13 14:59 - 2013-09-30 16:35 - 01120064 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\RealTimeProtector.exe
    2014-11-26 14:52 - 2014-11-26 14:52 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
    2014-11-13 14:59 - 2013-01-15 19:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
    2014-11-13 14:59 - 2013-11-14 17:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
    2015-03-08 18:17 - 2015-01-09 19:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
    2015-04-16 21:11 - 2015-03-13 13:22 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2014-11-13 14:59 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
    2014-11-13 14:59 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
    2014-11-13 14:59 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
    2014-11-13 14:59 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
    2015-04-28 21:04 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
    2015-04-16 21:11 - 2015-03-13 13:22 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
    2015-04-16 21:11 - 2015-03-13 13:22 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
    2015-04-16 21:11 - 2015-03-13 13:22 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
    2015-04-16 21:11 - 2015-03-13 13:22 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
    2015-04-16 21:11 - 2015-03-13 13:22 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
    2015-04-16 21:11 - 2015-03-13 13:22 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
    2015-04-16 21:11 - 2015-03-13 13:23 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
    2015-03-08 18:17 - 2015-01-09 19:46 - 00182048 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
    2015-03-08 18:17 - 2015-01-09 19:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
    2014-09-07 06:26 - 2013-09-04 00:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    AlternateDataStreams: C:\Users\Martin\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\mrsmr_000\OneDrive:ms-properties
    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
    ==================== EXE Association (whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\1001movie.com -> 1001movie.com
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\1001night.biz -> 1001night.biz
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\100gal.net -> 100gal.net
    IE restricted site: HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\100sexlinks.com -> 100sexlinks.com
    There are 4788 more restricted sites.
    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\mrsmr_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vaio 13 img1 wallpaper 1920x1080.jpg
    DNS Servers: 194.168.4.100 - 194.168.8.100
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\StartupApproved\Run: => "ISUSPM"
    HKU\S-1-5-21-2091344036-716997978-2294441580-1005\...\StartupApproved\Run: => "Skype"
    ==================== FirewallRules (whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{9944DA6A-1AE1-4E33-B80F-4F1A99EE2423}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{FAB3112E-EB75-4A7B-BBDE-0E189FD2A667}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{59174D1F-8A9F-4652-A519-F21A1CE47083}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{89C5A3DE-63F5-48D8-A433-A4F4E970532C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{CFA57878-1E76-4441-91CF-F24AD01E43A3}] => (Allow) C:\Users\Martin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{20EDFD4A-AB93-41AF-872E-DE1D9910DB21}] => (Allow) LPort=51001
    FirewallRules: [{5B73538E-758D-4E22-896E-24CA19189362}] => (Allow) LPort=51001
    FirewallRules: [{EC35E146-353F-45CB-8530-C5F6DC7937E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CFDC62D4-9216-482F-B23E-0620132039CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{9402084F-5C81-4E03-9481-06B2EBB2AA24}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{00659336-FADB-4A9B-88F7-38543A90407A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{C81F1CC8-D51F-4A2E-AE01-B49F8D11EEE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/11/2015 06:05:09 AM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: An error has occurred (Problem with user account
    ).
    Error: (05/11/2015 06:01:51 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
    Description: Notifications for the volume C:\ are not active.
    Context: Windows Application

    Details:
    The volume change journal is being deleted. (HRESULT : 0x8007049a) (0x8007049a)
    Error: (05/10/2015 09:33:00 PM) (Source: DNS logging) (EventID: 0) (User: )
    Description: Logger: Socket error: 10054
    Error: (05/10/2015 09:17:23 PM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: An error has occurred (Problem with user account
    ).
    Error: (05/10/2015 09:17:22 PM) (Source: DNS logging) (EventID: 0) (User: )
    Description: Logger: Socket error: 10054
    Error: (05/10/2015 08:02:48 PM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: An error has occurred (Problem with user account
    ).
    Error: (05/10/2015 03:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc000000d
    Fault offset: 0x0000000000101e60
    Faulting process id: 0x75c
    Faulting application start time: 0xsvchost.exe_DiagTrack0
    Faulting application path: svchost.exe_DiagTrack1
    Faulting module path: svchost.exe_DiagTrack2
    Report Id: svchost.exe_DiagTrack3
    Faulting package full name: svchost.exe_DiagTrack4
    Faulting package-relative application ID: svchost.exe_DiagTrack5
    Error: (05/09/2015 03:45:51 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
    Description: Notifications for the volume C:\ are not active.
    Context: Windows Application

    Details:
    The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
    Error: (05/09/2015 09:48:43 AM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: An error has occurred (Problem with user account
    ).
    Error: (05/09/2015 09:45:14 AM) (Source: IMFservice) (EventID: 0) (User: )
    Description: The handle is invalid

    System errors:
    =============
    Error: (05/10/2015 03:31:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Diagnostics Tracking Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    Error: (05/10/2015 03:31:15 PM) (Source: DCOM) (EventID: 10010) (User: POOTER)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
    Error: (05/09/2015 09:13:45 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 19:12:32 on ‎08/‎05/‎2015 was unexpected.
    Error: (05/08/2015 09:40:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    Error: (05/08/2015 09:40:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    Error: (05/08/2015 09:39:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    Error: (05/08/2015 09:39:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    Error: (05/08/2015 09:38:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    Error: (05/08/2015 09:38:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    Error: (05/08/2015 09:37:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

    Microsoft Office Sessions:
    =========================
    Error: (05/11/2015 06:05:09 AM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: Memopal CrawlerProblem with user account
    Error: (05/11/2015 06:01:51 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
    Description: Context: Windows Application

    Details:
    The volume change journal is being deleted. (HRESULT : 0x8007049a) (0x8007049a)
    C:\
    Error: (05/10/2015 09:33:00 PM) (Source: DNS logging) (EventID: 0) (User: )
    Description: Logger: Socket error: 10054
    Error: (05/10/2015 09:17:23 PM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: Memopal CrawlerProblem with user account
    Error: (05/10/2015 09:17:22 PM) (Source: DNS logging) (EventID: 0) (User: )
    Description: Logger: Socket error: 10054
    Error: (05/10/2015 08:02:48 PM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: Memopal CrawlerProblem with user account
    Error: (05/10/2015 03:31:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: svchost.exe_DiagTrack6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000000d0000000000101e6075c01d08a34853b236cC:\windows\System32\svchost.exeC:\windows\SYSTEM32\ntdll.dll3980939b-f721-11e4-82a8-e8b1fc003867
    Error: (05/09/2015 03:45:51 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
    Description: Context: Windows Application

    Details:
    The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)
    C:\
    Error: (05/09/2015 09:48:43 AM) (Source: Memopal Crawler) (EventID: 1) (User: )
    Description: Memopal CrawlerProblem with user account
    Error: (05/09/2015 09:45:14 AM) (Source: IMFservice) (EventID: 0) (User: )
    Description: The handle is invalid

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
    Percentage of memory in use: 26%
    Total physical RAM: 8097.09 MB
    Available physical RAM: 5913.49 MB
    Total Pagefile: 9377.09 MB
    Available Pagefile: 7288.26 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB
    ==================== Drives ================================
    Drive c: (Windows) (Fixed) (Total:222.36 GB) (Free:181.96 GB) NTFS
    Drive d: (HITMANPRO) (Removable) (Total:7.45 GB) (Free:6.49 GB) FAT32
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 238.5 GB) (Disk ID: D3C6BD49)
    Partition: GPT Partition Type.
    ========================================================
    Disk: 1 (Size: 7.5 GB) (Disk ID: 117E200E)
    Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
    ==================== End Of Log ============================

    Finally, the chechup file:

    Results of screen317's Security Check version 1.001
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Advanced SystemCare Ultimate
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Mozilla Firefox (37.0.2)
    Google Chrome (42.0.2311.135)
    Google Chrome (42.0.2311.90)
    ````````Process Check: objlist.exe by Laurent````````
    IObit IObit Malware Fighter IMFsrv.exe
    IObit IObit Malware Fighter IMF.exe
    IObit IObit Malware Fighter IMFTips.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Best

    Nimzo

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,472

    Re: How to remove Astromenda

    Thank you for the logs, Nimzo.

    It is your computer and, thus, your choice. However, I would be remiss if I didn't add words of caution regarding the IObit software installed on your computer. To start, based on IOBit's past practices, IObit lost trust when IOBit Steals Malwarebytes' Intellectual Property. Further, Advanced System Care is a known cause of BSOD's. Adding to that, system optimizers and registry cleaners cannot distinguish between good and bad files and then do be over-zealous, including the removal of legitimate keys and values in the process. Taking it a step further, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

    1. Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    2. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    3. Please download Malwarebytes Anti-Malware from Here.

    Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    • Select the language and click OK.
    • Accept the agreement.
    • Make sure a check mark is placed next to Enable the Free Trial and Launch Malwarebytes Anti-Malware, then click on finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now". (The scan may take some time to finish,so please be patient.)
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a log will open in Notepad. If the log doesn't open, select View detailed log in the Scan tab.
    • If prompted to restart (see Note below), launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Post the contents of the log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    4. Please provide a fresh FRST scan.
    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • This time it will produce one log in the same directory the tool is run from -- FRST.txt.
    • Please copy/paste that log in your reply.


    5. How is IE now?
    Last edited by Corrine; 05-11-2015 at 12:50 PM.
    SkyWolf says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: How to remove Astromenda

    Thanks, lots to take in here and will report back when all done!

    Cheers

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,472

    Re: How to remove Astromenda

    Take your time, Nimzo, and be sure to ask if anything isn't clear.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #7

    Re: How to remove Astromenda

    Hi, sorry for delay. The cleanup worked! Thanks, no Astromenda any more. Can add the checkup files if you like.

    I replaced IObit with MBAM, which seems okay on the laptop, but my main PC lost access to some sites, became very slow on IE and also stopped connecting to my main email account. Despite making the sites exceptions, the only way I could get them back (and my emails!) was by uninstalling MBAM. Even its own help site would not open - how bizarre is that? I will take this up with them but thought you ought to know.

    Anyway many thanks and I am now a fan of your site and services

    Best

    Nimzo

  8. #8
    xilolee's Avatar
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,032
    • specs System Specs
      • Manufacturer:
        XILOLEE.com
      • Model Number:
        XILO
      • Motherboard:
        ASROCK FM2A88M Pro3+ chipset A88X Bolton-D4
      • CPU:
        A10-7800, 4 CPU, 4 thr, 65/45W, FM2+, 28nm, Steamroller/Kaveri
      • Memory:
        10GB (Nanya and kingston ddr3-1333 9-9-9-24)
      • Graphics:
        Radeon R7 720MHz (8 GPU cores, integrated in CPU)
      • Sound Card:
        RealTek ALC662 (integrated in MB)
      • Hard Drives:
        Seagate ST500DM002-1BD142 500GB 7200RPM
      • Power Supply:
        SuperFlower 450W 80+ Platinum (SF-450P14PE)
      • Case:
        Sharkoon VG4-S
      • Cooling:
        Realtek RTL8111GR (NIC integrated in MB)
      • Display:
        Samsung SyncMaster SA100 LS22A100NS-EN
      • Operating System:
        Windows 10 Home/Standard x64

    Re: How to remove Astromenda

    Hi nimzo.
    That's strange: are you "talking" about MBAM free or premium?

  9. #9
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,472

    Re: How to remove Astromenda

    Hi, Nimzo.

    With regard to your laptop, your machine, your choice. However, if you don't wish to provide the logs from the tools used, we need to clean things up, in which case please do the following:

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run


    As to your main PC, yes, I agree, it is bizarre. If you had IObit on that computer, had it already been installed? Did the problems begin before or after scanning with MBAM? In other words, was it the mere installation or did the problems start following a scan?


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Similar Threads

  1. Cant remove hao123.com
    By Kelchan35 in forum Security Arena
    Replies: 20
    Last Post: 08-17-2014, 01:03 PM
  2. cant remove hao123
    By Kelchan35 in forum General Help & Information
    Replies: 3
    Last Post: 08-08-2014, 01:48 PM
  3. how to manually remove KB2661254-v2
    By askjoy in forum General Help & Information
    Replies: 2
    Last Post: 03-05-2013, 01:45 PM

Log in

Log in