1. #1

    Problely infected + can't use recovery in windows settings

    Hi there!
    I've been looking around the web for a few apps that can help and I came a cross this site.
    It's awsome what your doing, thank you for your time!

    So, I'm pretty sure I'm infected.
    My credit card have been used from outside the country and I really need help cleaning it up.
    And exepet from that, I can't "refresh" my computer, it's "some files are missing". I've used /sfc scannow but it said it can't fix it.

    Here's the farbar's log:

    FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
    Ran by user (administrator) on EVYATAR (15-01-2016 09:13:01)
    Running from C:\Users\user\Desktop\Strong tools\Farbar safe
    Loaded Profiles: user (Available Profiles: user)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DTShellHlp.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48128128 2015-10-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro Advanced\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 168.159.216.74 128.221.224.144
    Tcpip\..\Interfaces\{342F0987-9B41-40B8-BF3F-B1698B42202B}: [DhcpNameServer] 168.159.216.74 128.221.224.144
    Tcpip\..\Interfaces\{3D326732-7D76-45B4-A3C0-5A6DDCD2CAE0}: [DhcpNameServer] 192.168.77.254

    Internet Explorer:
    ==================
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-11-07] (Nexon)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
    FF Extension: Quick Searcher - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2015-12-24] [not signed]
    FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google מצגות) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-06]
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
    CHR Extension: (כונן Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-06]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
    CHR Extension: (Quick Searcher) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccodghgodlomliflnlkobciodlakmhmp [2015-12-24]
    CHR Extension: (חיפוש Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-06]
    CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-06]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-06]
    CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
    CHR Extension: (Any.do) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-10-06]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-04-08] (Conexant Systems, Inc.)
    R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe [1291024 2015-02-27] (Disc Soft Ltd)
    R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
    R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
    S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-22] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
    R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-09-22] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [9000256 2012-08-23] (Intel Corporation) [File not signed]
    R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew01.sys [3354384 2015-05-04] (Intel Corporation)
    R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-08-22] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-22] (Microsoft Corporation)
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-14 08:04 - 2016-01-14 08:04 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
    2016-01-14 07:44 - 2016-01-14 07:44 - 00000000 ____D C:\Users\user\AppData\Local\niemiro
    2016-01-14 07:34 - 2016-01-15 09:12 - 00000000 ____D C:\FRST
    2016-01-14 07:32 - 2016-01-15 09:10 - 00000000 ____D C:\Users\user\Desktop\Strong tools
    2016-01-14 07:14 - 2016-01-14 07:14 - 00000942 _____ C:\Users\user\Desktop\SFCFix.txt
    2016-01-14 07:14 - 2016-01-14 07:14 - 00000000 ____D C:\SFCFix
    2016-01-14 05:42 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-01-14 05:42 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-01-14 05:42 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-01-14 05:42 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-01-14 05:42 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-01-14 05:42 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-01-14 05:42 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-01-14 05:42 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-01-14 05:42 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-01-14 05:42 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-01-14 05:42 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-01-14 05:42 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-01-14 05:42 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-01-14 05:42 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-01-14 05:42 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-01-14 05:42 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-01-14 05:42 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-01-14 05:42 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-01-14 05:42 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-01-14 05:42 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-01-14 05:42 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-01-14 05:41 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
    2016-01-14 05:41 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
    2016-01-14 05:41 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-01-14 05:41 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-01-14 05:41 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
    2016-01-14 05:41 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-01-14 05:41 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
    2016-01-14 05:41 - 2015-12-03 19:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2016-01-14 05:41 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-01-14 05:41 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
    2016-01-14 05:41 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-01-14 05:41 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-01-14 05:41 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
    2016-01-14 05:41 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-01-14 05:41 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
    2016-01-14 05:41 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-01-14 05:41 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
    2016-01-14 05:41 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-01-14 05:41 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-01-14 05:41 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-01-14 05:41 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-01-14 05:40 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-01-14 05:40 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-01-14 05:40 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-01-14 05:40 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-01-14 05:40 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-01-14 05:40 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-01-14 05:40 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-01-14 05:40 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-01-14 05:40 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
    2016-01-14 05:40 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-01-14 05:40 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-01-14 05:40 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-01-14 05:40 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
    2016-01-14 05:40 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-01-14 05:40 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-01-14 05:40 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-01-14 05:40 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2016-01-14 05:40 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2016-01-14 05:40 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-01-14 05:40 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-01-14 05:40 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-01-14 05:40 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-01-14 05:39 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-01-14 05:39 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-01-14 01:09 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.trb
    2016-01-14 01:06 - 2016-01-14 01:06 - 00000000 ____D C:\ProgramData\TEMP
    2016-01-14 01:05 - 2016-01-14 01:05 - 00001123 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
    2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\Documents\Simply Super Software
    2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Simply Super Software
    2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Simply Super Software
    2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
    2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
    2016-01-10 01:42 - 2016-01-10 01:42 - 00000000 ____D C:\System
    2016-01-09 23:29 - 2016-01-09 23:29 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES
    2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
    2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
    2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
    2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
    2016-01-03 02:08 - 2015-10-22 18:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2016-01-03 02:08 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2016-01-03 02:08 - 2015-10-22 17:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2016-01-03 02:08 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
    2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
    2016-01-02 18:29 - 2016-01-02 18:30 - 00000000 ____D C:\Users\user\Downloads\Super.Porn
    2016-01-02 18:29 - 2016-01-02 18:29 - 00000000 ____D C:\Users\user\Downloads\Porn.Auditions.XXX.DVDRip.x264-Pr0nStarS
    2016-01-01 23:26 - 2016-01-01 23:35 - 434903118 _____ C:\Users\user\Desktop\voice_029jjk.wav
    2016-01-01 23:22 - 2016-01-01 23:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
    2016-01-01 23:18 - 2015-12-19 13:13 - 05473540 ____N C:\Users\user\Desktop\20151219_131344.mp4
    2016-01-01 23:18 - 2015-12-19 13:12 - 03319686 ____N C:\Users\user\Desktop\20151219_131217.mp4
    2016-01-01 23:18 - 2015-12-19 13:12 - 01500893 ____N C:\Users\user\Desktop\20151219_131243.mp4
    2016-01-01 23:18 - 2015-12-19 11:52 - 463060970 ____N C:\Users\user\Desktop\20151219_114835.mp4
    2016-01-01 23:13 - 2016-01-01 23:22 - 00000000 ____D C:\Program Files (x86)\Audacity
    2016-01-01 23:13 - 2016-01-01 23:13 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2016-01-01 23:13 - 2016-01-01 23:13 - 00001021 _____ C:\Users\Public\Desktop\Audacity.lnk
    2016-01-01 23:11 - 2015-12-22 13:35 - 79862025 ____N C:\Users\user\Desktop\Voice_029.m4a
    2016-01-01 10:52 - 2016-01-01 10:52 - 00000000 ____D C:\Users\user\Documents\Eidos
    2016-01-01 09:52 - 2016-01-01 09:52 - 00000220 _____ C:\Users\user\Desktop\Tomb Raider Anniversary.url
    2016-01-01 09:52 - 2016-01-01 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2015-12-25 09:34 - 2015-12-25 09:34 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    2015-12-25 09:34 - 2015-12-25 09:34 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
    2015-12-25 09:32 - 2015-12-25 09:32 - 09662976 _____ (TeamViewer GmbH) C:\Users\user\Desktop\TeamViewer_Setup_he.exe
    2015-12-24 21:21 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-24 21:20 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-12-24 21:20 - 2015-11-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-12-24 21:20 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2015-12-24 21:20 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-24 21:20 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2015-12-24 21:20 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-12-24 21:20 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-12-24 21:20 - 2015-11-10 01:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-12-24 21:20 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-12-24 21:20 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-24 21:20 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-24 21:20 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-12-24 21:20 - 2015-11-08 23:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-12-24 21:20 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-12-24 21:20 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-24 21:20 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-24 21:20 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-24 21:20 - 2015-11-08 22:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-12-24 21:18 - 2015-11-22 08:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-12-24 21:18 - 2015-11-22 08:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-12-24 21:18 - 2015-11-22 08:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-12-24 21:18 - 2015-11-22 08:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-12-24 21:18 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2015-12-24 21:18 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2015-12-24 21:18 - 2015-11-21 18:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-24 21:18 - 2015-11-21 18:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-24 21:18 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-24 21:18 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-24 21:18 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-24 21:18 - 2015-11-09 00:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-24 21:18 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-12-24 21:18 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-12-24 21:18 - 2015-11-08 23:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-24 21:18 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-12-24 21:18 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-24 21:18 - 2015-11-08 22:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-24 21:18 - 2015-10-10 19:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-12-24 21:18 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-12-24 21:18 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-12-24 21:17 - 2015-11-21 00:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-24 21:17 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-24 21:17 - 2015-11-20 18:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-24 21:17 - 2015-11-20 18:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-12-24 21:17 - 2015-11-20 18:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-12-24 21:17 - 2015-11-20 18:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-12-24 21:17 - 2015-11-20 18:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-12-24 21:17 - 2015-11-20 18:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-12-24 21:17 - 2015-11-20 18:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-12-24 21:17 - 2015-11-20 18:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-12-24 21:17 - 2015-11-20 18:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-12-24 21:17 - 2015-11-20 18:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-12-24 21:17 - 2015-11-20 18:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-12-24 21:17 - 2015-10-28 17:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-24 21:17 - 2015-10-28 17:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-12-24 21:17 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-24 21:17 - 2015-10-11 08:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-12-24 21:17 - 2015-10-11 08:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2015-12-24 21:17 - 2015-10-11 08:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2015-12-24 21:17 - 2015-10-11 08:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2015-12-24 21:17 - 2015-10-10 20:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2015-12-24 21:17 - 2015-10-10 20:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
    2015-12-24 21:17 - 2015-10-10 20:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
    2015-12-24 21:17 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2015-12-24 21:17 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2015-12-24 21:17 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2015-12-24 21:17 - 2015-10-05 20:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-12-24 20:02 - 2015-12-24 20:02 - 00000000 ____D C:\Users\user\AppData\Local\AION
    2015-12-21 21:19 - 2015-12-24 20:42 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
    2015-12-20 17:37 - 2015-12-20 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
    2015-12-20 17:36 - 2015-12-20 17:36 - 00000000 ____D C:\Users\user\AppData\Local\TeamViewer
    2015-12-20 17:34 - 2016-01-15 07:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-12-20 09:43 - 2015-12-20 09:43 - 00000000 ____D C:\Users\user\AppData\Local\Splashtop
    2015-12-20 09:42 - 2015-12-21 20:00 - 00000000 ____D C:\ProgramData\Splashtop
    2015-12-19 20:43 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\Documents\Notes
    2015-12-19 16:25 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client
    2015-12-19 16:25 - 2015-12-19 16:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
    2015-12-19 16:17 - 2015-12-19 16:17 - 00000000 ____H C:\Users\user\Documents\Default.rdp
    2015-12-18 08:29 - 2015-12-18 08:31 - 00000021 _____ C:\Users\user\Desktop\lul.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-15 09:01 - 2015-10-06 02:51 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-15 08:38 - 2015-11-19 09:20 - 00000000 ____D C:\Users\user\OneDrive
    2016-01-15 08:34 - 2015-10-06 02:51 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-15 01:06 - 2015-08-22 03:50 - 00418330 _____ C:\WINDOWS\system32\perfh00D.dat
    2016-01-15 01:06 - 2015-08-22 03:50 - 00065296 _____ C:\WINDOWS\system32\perfc00D.dat
    2016-01-15 01:06 - 2014-11-21 10:44 - 01336072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-01-15 01:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
    2016-01-15 01:01 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-01-15 01:00 - 2013-08-22 16:44 - 04958976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-15 01:00 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2016-01-15 01:00 - 2013-04-08 15:16 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-01-15 00:58 - 2015-08-24 10:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-01-15 00:58 - 2014-11-21 17:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2016-01-15 00:57 - 2015-10-01 16:35 - 00000000 ____D C:\Users\user\AppData\Local\ClassicShell
    2016-01-15 00:57 - 2015-08-21 11:14 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
    2016-01-14 07:35 - 2013-08-22 15:36 - 00000000 ____D C:\Windows
    2016-01-14 07:25 - 2015-08-20 11:00 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
    2016-01-14 05:48 - 2015-08-20 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-01-14 05:48 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-01-14 05:46 - 2015-08-20 19:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-01-14 02:06 - 2015-08-20 22:05 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-14 02:00 - 2015-09-04 10:04 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2016-01-14 01:25 - 2015-08-20 17:56 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2813843797-1546752179-644543416-1001
    2016-01-09 23:27 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-08 09:17 - 2015-10-09 08:01 - 00007606 _____ C:\Users\user\AppData\Local\resmon.resmoncfg
    2016-01-05 22:04 - 2015-08-24 10:39 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-01-05 22:04 - 2015-08-24 10:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-01-02 21:25 - 2015-09-08 11:23 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
    2016-01-01 23:10 - 2015-11-26 18:12 - 00000000 ____D C:\Users\user\Desktop\Progs
    2015-12-31 00:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-24 21:18 - 2015-10-01 17:05 - 00001164 _____ C:\Users\user\Desktop\Downloads - Shortcut.lnk
    2015-12-24 21:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-12-24 20:42 - 2015-10-06 02:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\‏יישומי Chrome
    2015-12-24 20:42 - 2015-10-06 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-24 20:42 - 2015-10-01 16:35 - 00000000 ____D C:\ProgramData\ClassicShell
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SystemResources
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-12-24 20:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-12-24 20:42 - 2013-04-08 18:21 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2015-12-24 20:41 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-24 20:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration

    ==================== Files in the root of some directories =======

    2015-10-09 08:01 - 2016-01-08 09:17 - 0007606 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-06 23:09

    ==================== End of FRST.txt ============================
    Addition:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
    Ran by user (2016-01-14 07:35:11)
    Running from C:\Users\user\Desktop\Strong tools\Farbar safe
    Windows 8.1 (X64) (2015-08-21 15:20:18)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2813843797-1546752179-644543416-500 - Administrator - Disabled)
    Guest (S-1-5-21-2813843797-1546752179-644543416-501 - Limited - Disabled)
    user (S-1-5-21-2813843797-1546752179-644543416-1001 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
    1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla)
    99 Levels To Hell (HKLM-x32\...\Steam App 264280) (Version: - Zaxis Games)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
    BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
    Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.46.0 - Conexant)
    Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - DT Soft Ltd.)
    Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.)
    Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
    Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
    Last Man (HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Last Man) (Version: - )
    MapleStory (HKLM-x32\...\MapleStory) (Version: - )
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
    Skype Web Plugin (HKLM-x32\...\{1FA35853-3EBA-449C-8D52-E925CECC2352}) (Version: 7.9.0.56 - Skype Technologies S.A.)
    Skype™ 7.13 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.13.101 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
    The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
    Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version: - Crystal Dynamics)
    Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
    Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{3AD65835-62CE-4DBD-95A9-9C52E04F5045}\InprocServer32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{A0D3F860-9D1C-4FEB-9E6C-E23084D15756}\localserver32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\EdgeCalling.exe (Skype Technologies S.A.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {406B6AA3-6A87-44F0-9E56-9A8595FFB53B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)
    Task: {437BA73D-4952-4845-B418-9B91EEE1007D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {9937EE5B-46EC-4595-B5A7-FE09F07F7BCC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
    Task: {A46B5104-6AFF-4F35-97E0-B83D782D26C7} - System32\Tasks\AdobeAAMUpdater-1.0-aviatar-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {BFCF21EC-593F-4EAF-9F43-42ABD4894C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)
    Task: {C753786D-015F-436F-ABE7-74DB081563B6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {F36844B8-E8D8-40F8-93DA-1046E8B49E04} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-16 04:45 - 2015-07-16 04:45 - 00105112 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
    2013-04-08 16:22 - 2012-07-18 10:03 - 00165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
    2015-08-22 09:08 - 2015-07-16 04:52 - 00413848 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    2015-08-22 09:08 - 2015-07-16 04:59 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
    2015-08-22 09:08 - 2015-07-16 04:56 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
    2015-08-22 09:08 - 2015-07-16 04:56 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
    2015-08-22 09:08 - 2015-07-16 04:56 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
    2015-08-22 09:08 - 2015-07-16 04:57 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
    2015-08-22 09:08 - 2015-07-16 04:58 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
    2015-08-22 09:08 - 2015-07-16 04:58 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
    2015-08-22 09:08 - 2015-07-16 04:57 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
    2015-08-22 09:08 - 2015-07-16 04:55 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
    2013-04-08 16:00 - 2012-06-25 07:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2015-08-20 22:07 - 2015-11-10 21:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-08-20 22:07 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-08-20 22:07 - 2015-12-14 22:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-08-20 22:07 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-08-20 22:07 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-08-20 22:07 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-08-20 22:07 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-08-20 22:07 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-08-20 22:07 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-08-20 22:07 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-08-20 22:07 - 2015-12-14 22:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-08-20 22:07 - 2015-11-04 00:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2015-08-20 22:07 - 2015-11-17 02:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-08-20 22:07 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2016-01-14 01:09 - 00000975 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 168.159.216.74 - 128.221.224.144
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Persistence"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{C40BB3C0-DFCA-4B4D-887B-F7C3290EFDAF}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ACFE4755-2DFD-4582-96FE-56C5E983114F}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{6D8128D5-18B0-4B67-B515-FB1C48D7FC22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{53896FF0-6A1D-4E70-A14B-C4D1B89F259E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{6FBD4ADE-A9D8-4531-955C-A8DA115CE3BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A7C3A1B6-0E4C-45FB-9BAE-79472FF8531C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{9D2C297F-E983-4491-9D11-F03230EB9A6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{27FC08AE-DD0E-4401-AFB9-52DA670B5C58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A056415A-24D6-4046-BEC3-8414E7E7C152}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{2EEED39D-01F4-4E1C-A811-8F51433C44AD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{F40326AE-5104-48CC-A77E-DD55A08BE9DE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{449E111E-C510-4E16-9465-2ED40641B7CE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{A95F4C6F-8B7B-48C5-A628-F61DA9F43B35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{8F5CDF74-666C-46D1-B887-0E6433A2B64E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{594755B8-156B-4647-BE6E-8A7E0C922420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{1AA09A8B-2C0F-4C11-82EF-458C3AE427DA}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{CD4FCBDA-E01C-4BB2-9297-6647BDE8C3D6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{B025725F-89CF-4969-8E60-0C0EC4B172AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
    FirewallRules: [{C0E99D25-95C6-48EA-8235-093DDC3E5A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
    FirewallRules: [{080A7161-FFA5-4077-A23C-B2E38D9669FF}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{81901C6E-2E94-4C9E-A3C0-4AA07B4A5578}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{2BB80941-0351-4E53-AC5F-520AFEDA20D9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{29C55BE8-448A-40C7-A45C-DFD135A8381C}] => (Allow) LPort=2869
    FirewallRules: [{E6B91F89-EA5D-4614-90E9-B1DECC5659EA}] => (Allow) LPort=1900
    FirewallRules: [{FF86267E-9FB8-4B7E-B2B8-FE46662EA7A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
    FirewallRules: [{699E92CD-6D2D-48B9-AD3A-CB52C8644655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
    FirewallRules: [{66B4F4F5-2196-4851-9444-1B8DAA548A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{AA06A890-6BE7-4AA7-94C9-26BD99D42583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [TCP Query User{757B0986-25D9-4482-BF4C-0F26C6AE2A9C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A5B278FB-B8E6-4E46-B957-B18CE727C2CF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{BC1CEADD-AD41-4B18-B3B9-E7DE87D110E8}C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe
    FirewallRules: [UDP Query User{8BBAEFE0-112F-4B6D-8AC2-5FDEB99C58FA}C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe
    FirewallRules: [{E6218BDA-C999-4E51-A1A4-BCE1D0EC7AB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
    FirewallRules: [{43ED794E-7582-4308-AEDC-E24E90D630CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
    FirewallRules: [{C5D7C9D6-130C-4FD6-9139-5B55BF371265}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{8746196E-5FFB-4056-B8EC-9576A31BB9DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{C74DB924-B7C9-4AA7-80F3-3FD5739F7104}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{01A6B9D1-40B0-4173-9137-CB725D80430E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{D15BD864-5B0D-4C62-BF2C-252FFCAF3E87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{42CB59A4-4E00-4816-B762-C99B59A610EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
    FirewallRules: [{F344A7F9-B362-4D73-A40A-750E37EA032F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe

    ==================== Restore Points =========================

    31-12-2015 00:03:53 Windows Update
    03-01-2016 04:04:38 Windows Update
    14-01-2016 01:30:03 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/06/2016 10:48:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f10

    Start Time: 01d148c2cceb4915

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: c5aab66c-b4b6-11e5-be92-84a6c845a6e0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (12/25/2015 08:08:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 8e8

    Start Time: 01d13e7b62a65b1e

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    Report Id: dd801d72-aacd-11e5-be8f-84a6c845a6e0

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (12/24/2015 09:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (1340) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU003AE.log.

    Error: (12/19/2015 04:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: esrv_svc.exe, version: 1.2.1.1025, time stamp: 0x55a7a91f
    Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f12e0
    Faulting process id: 0x66c
    Faulting application start time: 0xesrv_svc.exe0
    Faulting application path: esrv_svc.exe1
    Faulting module path: esrv_svc.exe2
    Report Id: esrv_svc.exe3
    Faulting package full name: esrv_svc.exe4
    Faulting package-relative application ID: esrv_svc.exe5

    Error: (12/15/2015 06:44:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1354

    Start Time: 01d135ab5ad88714

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 189f6bac-a34b-11e5-be90-84a6c845a6e0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (12/10/2015 12:12:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: bac

    Start Time: 01d132ca34524e8a

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 773a9ca4-9ebd-11e5-be8d-84a6c845a6e0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (12/03/2015 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
    Faulting module name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
    Exception code: 0xc0000005
    Fault offset: 0x001e7650
    Faulting process id: 0x1274
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3
    Faulting package full name: mbam.exe4
    Faulting package-relative application ID: mbam.exe5

    Error: (12/03/2015 01:32:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e48

    Start Time: 01d12a686d36e637

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: d737c3cd-994c-11e5-be89-84a6c845a6e0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (11/23/2015 06:20:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: IAStorDataMgrSvc.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.AccessViolationException
    Stack:
    at System.ServiceModel.Channels.PipeConnection+Exceptions.CreateReadException(Int32)
    at System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)
    at System.ServiceModel.Channels.OverlappedContext.CompleteCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at System.Runtime.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
    at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

    Error: (11/21/2015 12:23:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 22ac

    Start Time: 01d123e154237360

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 47e1c088-8fd5-11e5-be85-84a6c845a6e0

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


    System errors:
    =============
    Error: (01/14/2016 01:02:06 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/14/2016 01:02:06 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

    Error: (01/10/2016 06:22:53 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/10/2016 06:22:53 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

    Error: (01/10/2016 01:55:43 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/10/2016 01:55:43 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

    Error: (01/10/2016 01:24:29 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/10/2016 01:24:29 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.

    Error: (01/10/2016 01:24:28 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
    Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

    Error: (01/10/2016 01:24:28 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.


    CodeIntegrity:
    ===================================
    Date: 2015-08-29 10:36:30.412
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-29 10:13:20.112
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-24 11:59:01.477
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-24 11:59:00.821
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-24 11:42:10.033
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-24 11:38:29.211
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-22 10:02:23.081
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-21 18:13:22.299
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    Percentage of memory in use: 50%
    Total physical RAM: 6005.85 MB
    Available physical RAM: 2967.92 MB
    Total Virtual: 8693.85 MB
    Available Virtual: 5205.05 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:931.17 GB) (Free:794.84 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3829D9DC)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    Checkup:
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Trojan Remover 6.9.3
    Adobe Flash Player 19.0.0.245 Flash Player out of Date!
    Mozilla Firefox 40.0.2 Firefox out of Date!
    Google Chrome (46.0.2490.86)
    Google Chrome (47.0.2526.106)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
    And again, THANK YOU SO MUCH FOR YOUR TIME! :)


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2

    Re: Problely infected + can't use recovery in windows settings

    ps,
    How would you like me to upload a cbs file? (If needed)
    I would like to upload it to a site where I don't need to register to, please.

  3. #3
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,470

    Re: Problely infected + can't use recovery in windows settings

    Hi, Evyatar.

    If you haven't yet, your first priority is contacting your credit card company. The fact that your credit card was used in another country does not necessarily mean your computer is infected. However, you or someone else using the computer is going to porn sites (as evidenced by a couple of files shown in the logs), then the possibility of infection is significantly increased.

    1. Adobe Flash Player is out of date. Although IE is updated via Windows Update, you need to update Flash Player for Firefox. Below is a direct download link for the latest version of Flash Player:

    Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/f..._20_plugin.exe

    2. Firefox has had several critical security updates and the current version ois 43.0.4. To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."

    3. Please follow the instructions below to run an on-line scan from ESET.
    • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
      • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
      • Click the green ESET Online Scanner box.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the Eset Smart Installer icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
        • Scan potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.


    4. I don't need to see the CBS file as malware removal is dealt with in this forum. If you are having problems with Microsoft Updates, that will require assistance from the Sysnative Staff members who specialize in that area and can be handled after we finish here.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  4. #4

    Re: Problely infected + can't use recovery in windows settings

    Quote Originally Posted by Corrine View Post
    Hi, Evyatar.

    If you haven't yet, your first priority is contacting your credit card company. The fact that your credit card was used in another country does not necessarily mean your computer is infected. However, you or someone else using the computer is going to porn sites (as evidenced by a couple of files shown in the logs), then the possibility of infection is significantly increased.

    1. Adobe Flash Player is out of date. Although IE is updated via Windows Update, you need to update Flash Player for Firefox. Below is a direct download link for the latest version of Flash Player:

    Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/f..._20_plugin.exe

    2. Firefox has had several critical security updates and the current version ois 43.0.4. To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."

    3. Please follow the instructions below to run an on-line scan from ESET.
    • Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
      • Hold down Control and click on this link to open ESET OnlineScan in a new window so you can refer to these instructions.
      • Click the green ESET Online Scanner box.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the Eset Smart Installer icon on your desktop.

      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
        • Scan potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology

      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.



    4. I don't need to see the CBS file as malware removal is dealt with in this forum. If you are having problems with Microsoft Updates, that will require assistance from the Sysnative Staff members who specialize in that area and can be handled after we finish here.
    Hi! :)
    Thank you for replying so fast!

    1. Of course I've contacted the card company and I've canceled them.
    2. Yeah, I'm watching porn... Is it that "not safe" to do so? how can I check if a site is with malware or not?
    3. I don't like updating firefox n/or the flash player, since that firefox crashing from time to time when there's a bad update...
    4. I've used eset scan thingy, and it found 4 malware items, but not Trojans or stuff like that. I've forgot to export the file.

  5. #5
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,470

    Re: Problely infected + can't use recovery in windows settings

    With 17 critical security updates in 2015, of which 5 of those updates were "out-of-band" (meaning critical vulnerabilities being exploited in the wild) Flash Player is one of the most targeted third-party programs by malware writers. By not applying the critical updates to Flash Player and Firefox, you are leaving your computer vulnerable -- thus when you visit those sites, the embedded malware in the videos can and most likely did infect your computer. Here's an example from a Flash exploit: Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising | Malwarebytes Unpacked. Then there is this example which is how a credit card could be breached: Malware Posing As Legitimate Bank Apps In 3 Major Continents | SecureWorld

    Add your use of µTorrent to the above and your computer is an absolute target for malware.
    Evyatar says thanks for this.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  6. #6

    Re: Problely infected + can't use recovery in windows settings

    Quote Originally Posted by Corrine View Post
    With 17 critical security updates in 2015, of which 5 of those updates were "out-of-band" (meaning critical vulnerabilities being exploited in the wild) Flash Player is one of the most targeted third-party programs by malware writers. By not applying the critical updates to Flash Player and Firefox, you are leaving your computer vulnerable -- thus when you visit those sites, the embedded malware in the videos can and most likely did infect your computer. Here's an example from a Flash exploit: Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising | Malwarebytes Unpacked. Then there is this example which is how a credit card could be breached: Malware Posing As Legitimate Bank Apps In 3 Major Continents | SecureWorld

    Add your use of µTorrent to the above and your computer is an absolute target for malware.
    Ok.
    Thank you for explaining your self about the updates! :)
    Soon I'll be moving from the hdd to an ssd, so I don't think I'll update until then.
    But until then, is there any other tool that can be helpful?

    And again, Thank you.

    By the way:
    My mom's laptop has a weird problem, maybe you know about:
    when ever I'm trying to right click (for proprieties) in the main menu (for ex, My computer) it's just won't respond.
    I've tried external mouse and not the touch pad, but nothing.
    Any idea what to do?

  7. #7
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,470

    Re: Problely infected + can't use recovery in windows settings

    I double-checked with another member of the staff who concurs that neither of us are seeing malware in the logs, although it would have been helpful seeing the ESET log with the file names of what was removed. Seeing as how neither of us saw malware in the logs, from the standpoint of the help that I provide, no there isn't another tool that can be helpful.

    Not installing the Flash Player and FireFox security updates merely keeps your computer vulnerable and is reckless. Besides, an SSD is not going to solve your problems if you plan on imaging it with a corrupt installation from the current HDD. Thus, I repeat my strong advisory that you update both Firefox and Adobe Flash Player. Perhaps SpeedyFox will help with the problems you've had with Firefox crashing.

    With regard to the problems being unable to refresh your computer, see the below listed help articles:


    As to the problem with your Mom's laptop, I suggest your start a new topic either in the Hardware forum or in the appropriate operating system forum (e.g., Windows 7 | Windows Vista).

    Good luck!


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

Similar Threads

  1. Replies: 16
    Last Post: 08-06-2015, 03:20 PM
  2. Microsoft Windows 7 Software Recovery
    By Corrine in forum Windows 7 | Windows Vista
    Replies: 3
    Last Post: 03-14-2015, 10:34 AM
  3. Infected Windows 2008 Server
    By wsjtrade in forum Security Arena
    Replies: 9
    Last Post: 09-19-2013, 11:47 PM

Log in

Log in