[SOLVED] Registry will not back up

J

john19303

Contributor
Joined
May 21, 2015
Posts
20
Location
Mid-Maryland
I can't back up my registry for my Win 8.1 system. This is recent, I noticed it about two weeks ago when I deleted an item using Revo Uninstall. My system seems to work normally. But running (with Admin privileges) sfc /scannow or chkdsk /f I get error readings. I am at my wits end. The only thing new to my system is a Windows Phone Nokia 635, about 4 weeks ago. All updates are up to date as of 5/21/2015. The two corrupted files I found with SFCFix 2.4.3.0 are something about C:\ Windows\winsxs\...... ed-telemetry-client...... .json (java). Let me know if you need more info. Thank you for any help you can give

Here are the file copies requested:


FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by John (administrator) on WINDOWS-8 on 21-05-2015 09:01:48
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Two Pilots) C:\Windows\VPDAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(The Neat Company) C:\Program Files\Neat\exec\NeatStartupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x86__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-03-21] (Western Digital Technologies, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1691136 2012-05-31] (AimerSoft)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Run: [SpeedConnectStartUp] => C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe [618192 2010-04-21] (CBS Software)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\weatherbug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Run: [GoogleChromeAutoLaunch_DC7C249942899F83C1747FF3FB5BD5F3] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-05-01] (Siber Systems)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [121344 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-04-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Software\Microsoft\Internet Explorer\Main,Start Page = News
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
URLSearchHook: HKLM - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
URLSearchHook: HKU\S-1-5-21-1482476501-839522115-13943848-1004 - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
SearchScopes: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> {4DD96CFA-3C65-4F77-A31A-F7FB2417866C} URL =
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-01-22] (Abine)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-05-01] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-05] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-05-01] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-05-01] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> No Name - {82955283-343D-4B6C-BD3C-D147000058C8} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jbs3jhk7.default
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=BDT1DF&PC=BDT1&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jbs3jhk7.default\searchplugins\bingp.xml [2014-02-03]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jbs3jhk7.default\Extensions\donottrackplus@abine.com [2015-01-12]
FF Extension: GoogleSharing - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jbs3jhk7.default\Extensions\googlesharing@extension.thoughtcrime.org [2013-05-20]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\jbs3jhk7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-15]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013-11-10]
FF HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-16]
Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-26]
CHR Extension: (All Java Sources) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleifhehdjlljnlbaplopcbnbgifpphg [2015-02-19]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-26]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-26]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-19]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-19]
CHR Extension: (Blur) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-02-19]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-26]
CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-19]
CHR Extension: (RoboForm) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-04-04]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-04-02]
CHR HKU\S-1-5-21-1482476501-839522115-13943848-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Agent; C:\WINDOWS\VPDAgent.exe [192512 2014-05-20] (Two Pilots) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-26] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-26] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-26] (Avast Software)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [250880 2014-10-28] (Microsoft Corporation)
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [977920 2015-03-04] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [919184 2015-05-01] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Neat Startup Service; C:\Program Files\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20698768 2015-05-01] (NVIDIA Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2589136 2015-02-23] (Paramount Software UK Ltd)
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [103936 2014-10-28] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284488 2015-02-03] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2014-10-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22200 2015-02-03] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1269248 2014-10-28] (Microsoft Corporation)
S2 Realtek11nSU; C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-26] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-04-26] (Avast Software s.r.o.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-26] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\WINDOWS\System32\DRIVERS\aswNdisFlt.sys [271248 2015-04-26] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [81728 2015-04-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-26] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-26] (Avast Software s.r.o.)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [106912 2015-04-26] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-26] ()
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 CMUAC; C:\WINDOWS\system32\DRIVERS\CMUAC.SYS [411136 2014-03-11] (C-Media Inc.)
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [1698520 2013-07-31] (Realtek Semiconductor Corporation )
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2011-03-14] (Samsung Electronics) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-26] (Avast Software)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84800 2015-02-03] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 WsAudio_Device(1); C:\WINDOWS\system32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [190976 2014-10-28] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 09:01 - 2015-05-21 09:02 - 00024731 _____ () C:\Users\John\Desktop\FRST.txt
2015-05-21 09:00 - 2015-05-21 09:01 - 00000000 ____D () C:\FRST
2015-05-21 09:00 - 2015-05-21 09:00 - 01146880 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2015-05-21 08:34 - 2015-05-21 08:34 - 00003160 ____N () C:\bootsqm.dat
2015-05-21 07:22 - 2015-05-21 07:25 - 00002270 _____ () C:\Users\John\Desktop\Rkill.txt
2015-05-21 06:46 - 2015-05-21 06:47 - 00002480 _____ () C:\Users\John\Desktop\SFCFix.txt
2015-05-21 06:46 - 2015-05-21 06:46 - 00000000 ____D () C:\SFCFix
2015-05-21 03:08 - 2015-05-21 03:08 - 00000000 ____D () C:\Users\John\AppData\Local\{C53CD6DF-1874-424B-AB64-275034110B22}
2015-05-20 07:05 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-20 07:05 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rgb9rast.dll
2015-05-20 07:04 - 2015-04-16 02:22 - 00259928 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-20 07:04 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-20 07:04 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-20 07:04 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-20 07:04 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-20 07:04 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-20 07:04 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-20 07:04 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-20 07:03 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-20 07:03 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-20 07:03 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-20 07:03 - 2015-03-19 21:57 - 00873984 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-20 07:02 - 2015-04-08 18:07 - 00410336 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-20 06:46 - 2015-05-20 06:46 - 00302011 _____ () C:\Users\John\Downloads\WindowsUpdateDiagnostic.diagcab
2015-05-19 16:24 - 2015-05-19 16:24 - 00000000 ____D () C:\Users\John\AppData\Local\{9E124A2B-68D3-410B-949B-E99893F6C304}
2015-05-19 04:24 - 2015-05-19 04:24 - 00000000 ____D () C:\Users\John\AppData\Local\{83CE0D23-2CC2-43B7-A848-2BE09328015E}
2015-05-18 13:10 - 2015-05-18 13:10 - 00000000 ____D () C:\Users\John\AppData\Local\{4FDE1018-092A-4363-8A12-D30100B1260D}
2015-05-17 19:29 - 2015-05-17 19:29 - 00000000 ____D () C:\Users\John\AppData\Local\{9E85AC3A-E102-4C1B-A6BE-858221EF034C}
2015-05-17 07:45 - 2015-05-17 07:45 - 00001146 _____ () C:\Users\John\Desktop\Aimersoft DVD Ripper.lnk
2015-05-17 07:45 - 2015-05-17 07:45 - 00000000 ____D () C:\Users\John\Documents\Aimersoft DVD Ripper
2015-05-17 07:45 - 2015-05-17 07:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Aimersoft DVD Ripper
2015-05-17 07:45 - 2015-05-17 07:45 - 00000000 ____D () C:\ProgramData\Aimersoft DVD Ripper
2015-05-17 07:30 - 2015-05-17 07:30 - 00000000 ____D () C:\Users\John\Documents\Aimersoft DRM Media Converter
2015-05-17 07:29 - 2015-05-17 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2015-05-17 07:29 - 2015-05-17 07:45 - 00000000 ____D () C:\Program Files\Aimersoft
2015-05-17 07:29 - 2015-05-17 07:29 - 00001257 _____ () C:\Users\John\Desktop\Aimersoft DRM Media Converter.lnk
2015-05-17 07:29 - 2015-05-17 07:29 - 00000000 ____D () C:\Users\John\AppData\Local\Aimersoft
2015-05-17 07:29 - 2015-05-17 07:29 - 00000000 ____D () C:\Program Files\Common Files\Aimersoft
2015-05-17 07:29 - 2014-11-26 13:49 - 00027496 _____ (Wondershare) C:\WINDOWS\system32\Drivers\VirtualAudio1.sys
2015-05-17 07:29 - 2014-11-26 13:44 - 00675840 _____ () C:\WINDOWS\system32\ac3filter.ax
2015-05-17 07:29 - 2014-11-26 13:44 - 00496640 _____ () C:\WINDOWS\system32\xvid.ax
2015-05-17 07:29 - 2014-11-26 13:43 - 00892928 _____ (Free Software Foundation) C:\WINDOWS\system32\iconv.dll
2015-05-17 07:28 - 2015-05-17 07:28 - 13334663 _____ (Aimersoft Software ) C:\Users\John\Downloads\almedia-converter_full351.exe
2015-05-17 03:54 - 2015-05-17 03:54 - 00000000 ____D () C:\Users\John\AppData\Local\{BB46CABB-079B-4761-9B82-83349F6DBECE}
2015-05-16 11:08 - 2015-05-20 09:17 - 00000000 ____D () C:\Users\John\Desktop\2015Working copy spreadsheet
2015-05-16 11:04 - 2015-05-16 11:15 - 00000000 ____D () C:\Users\John\Desktop\Original Spreadsheet 2015
2015-05-16 10:57 - 2015-05-19 13:52 - 00000000 ___RD () C:\Users\John\Desktop\2015 spreadsheet - Copy
2015-05-16 10:50 - 2015-05-16 10:50 - 00000358 _____ () C:\WINDOWS\PFRO.log
2015-05-16 05:58 - 2015-05-16 10:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-16 05:39 - 2015-05-21 07:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-16 02:48 - 2015-05-16 02:48 - 00000000 ____D () C:\Users\John\AppData\Local\{751A82ED-6C0C-4A95-8251-0E8DF538968B}
2015-05-15 04:17 - 2015-05-15 04:17 - 00000000 ____D () C:\Users\John\AppData\Local\{74259CE8-243C-4F5A-BD51-B2B70B5D4089}
2015-05-14 14:38 - 2015-05-14 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-05-14 07:34 - 2015-05-21 08:35 - 00011061 _____ () C:\WINDOWS\setupact.log
2015-05-14 07:34 - 2015-05-14 07:34 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-14 04:25 - 2015-05-14 04:25 - 00000000 ____D () C:\Users\John\AppData\Local\{402131F2-021F-44DB-9E9A-971C492C073D}
2015-05-13 05:53 - 2015-05-13 05:53 - 00000000 ____D () C:\Users\John\AppData\Local\{9480C099-E75F-4E16-A6B6-7DB02057E7D4}
2015-05-13 05:14 - 2015-05-13 05:14 - 118118688 _____ () C:\Users\John\Downloads\Neat_v5.6.1.374_UPDATE.sfx.exe
2015-05-13 04:49 - 2015-04-18 04:21 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-05-13 04:49 - 2015-04-18 04:21 - 00191400 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-05-13 04:49 - 2015-04-18 04:21 - 00190888 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-05-13 04:48 - 2015-04-18 04:21 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-05-13 04:29 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:02 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 03:02 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 03:02 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 03:02 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 03:02 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 03:02 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 03:02 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 03:02 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 03:02 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 03:02 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 03:02 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 03:02 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 03:02 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 03:02 - 2015-04-21 11:26 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 03:02 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 03:02 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 03:02 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 03:02 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 03:02 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 03:02 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 03:02 - 2015-04-13 18:43 - 03543552 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 03:02 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 03:02 - 2015-04-09 20:23 - 01088512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 03:01 - 2015-04-08 18:59 - 00333624 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 03:01 - 2015-03-30 01:51 - 00478776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 03:01 - 2015-03-26 22:20 - 01117696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 14:36 - 2015-05-21 08:57 - 01452893 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-12 04:58 - 2015-05-12 04:58 - 00000705 _____ () C:\Users\John\Documents\Desktop - Shortcut.lnk
2015-05-12 03:40 - 2015-05-12 03:40 - 00000000 ____D () C:\Users\John\AppData\Local\{0E257CDA-533E-42CB-BB34-224A18E20B6D}
2015-05-11 04:14 - 2015-05-11 04:14 - 00000000 ____D () C:\Users\John\AppData\Local\{90A55D00-96F0-464E-BD81-C8A157810CC8}
2015-05-10 05:47 - 2015-05-10 05:47 - 00000000 ____D () C:\Users\John\AppData\Local\{102FC6CF-02C0-43DC-B2C7-D45A7211A21B}
2015-05-09 17:47 - 2015-05-09 17:47 - 00000000 ____D () C:\Users\John\AppData\Local\{3589FD55-870F-4DC4-BD5A-81462354A24F}
2015-05-09 05:46 - 2015-05-09 05:47 - 00000000 ____D () C:\Users\John\AppData\Local\{367FD821-36DB-46CA-BCC5-D9100D637F80}
2015-05-08 17:46 - 2015-05-08 17:46 - 00000000 ____D () C:\Users\John\AppData\Local\{78E29176-1B21-4670-9765-0011E1BFE770}
2015-05-08 05:46 - 2015-05-08 05:46 - 00000000 ____D () C:\Users\John\AppData\Local\{FC6F16B7-2C9B-4CCA-A1D8-5802830B8F8E}
2015-05-07 15:58 - 2015-05-07 15:58 - 00000000 ____D () C:\Users\John\AppData\Local\{69323A9E-0547-4638-9C04-F43BC317DF0E}
2015-05-07 04:31 - 2015-04-24 16:49 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-06 19:09 - 2015-05-06 19:09 - 00000000 ____D () C:\Users\John\AppData\Local\{AE091131-9DCC-46A9-9220-BD3C34F3C9A4}
2015-05-06 05:18 - 2015-05-06 05:19 - 00000000 ____D () C:\Users\John\AppData\Local\{77E974C8-FC26-41EB-958C-91EBCCE51B36}
2015-05-05 15:31 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-05 15:13 - 2015-05-05 15:13 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-05-05 15:12 - 2015-05-05 15:12 - 00002063 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-05-05 15:12 - 2015-05-05 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-05-05 05:47 - 2015-05-05 05:48 - 00000000 ____D () C:\Users\John\AppData\Local\{AF03D349-F960-4D11-A3F2-248E4DC9872B}
2015-05-04 04:01 - 2015-05-04 04:01 - 00000000 ____D () C:\Users\John\AppData\Local\{8C68E927-215F-411C-86CB-E93777024F74}
2015-05-03 03:43 - 2015-05-03 03:43 - 00000000 ____D () C:\Users\John\AppData\Local\{7F0048F3-EB0C-4AAD-A2FA-FFEDBF8D61FE}
2015-05-02 03:38 - 2015-05-02 03:38 - 00000000 ____D () C:\Users\John\AppData\Local\{24B180A9-3E8B-4CB1-A146-0C10BCF94867}
2015-05-01 12:42 - 2015-05-01 12:42 - 00000000 ____D () C:\Users\John\AppData\Local\{F86959C8-5379-45CF-B7A6-1DBDD22B822F}
2015-04-30 18:40 - 2015-04-30 18:40 - 00000000 ____D () C:\Users\John\AppData\Local\{63EE97CA-69AA-4448-BFDB-AE4ADEA84737}
2015-04-30 04:35 - 2015-03-19 21:47 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-30 04:35 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-30 00:01 - 2015-04-30 00:01 - 00020256 _____ (Western Digital Technologies) C:\WINDOWS\system32\Drivers\wdcsam.sys
2015-04-29 18:46 - 2015-04-29 18:46 - 00000000 ____D () C:\Users\John\AppData\Local\{147EB285-91A8-407B-B26A-44088448DFE3}
2015-04-29 05:08 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-04-29 05:08 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-04-29 04:07 - 2015-04-29 04:07 - 00000000 ____D () C:\Users\John\AppData\Local\{1B7787E4-8E36-4DD5-B9F5-F78A2A640060}
2015-04-28 02:59 - 2014-11-22 06:46 - 00032912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad32v.sys
2015-04-27 18:42 - 2015-04-27 18:42 - 00000000 ____D () C:\Users\John\AppData\Local\{DE967CE3-B678-4464-B00B-2D73EA854683}
2015-04-27 06:41 - 2015-04-27 06:41 - 00000000 ____D () C:\Users\John\AppData\Local\{90F97EBF-8315-492D-8DF4-DBB30C1DD4B8}
2015-04-26 14:55 - 2015-04-26 14:54 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-26 14:54 - 2015-04-26 14:54 - 00271248 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-04-26 14:54 - 2015-04-26 14:54 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-26 02:52 - 2015-04-26 02:52 - 00000000 ____D () C:\Users\John\AppData\Local\{C11E4B35-62FA-4D94-B079-81F2C6EF2D47}
2015-04-25 19:30 - 2015-04-25 19:30 - 00001545 _____ () C:\Users\John\AppData\Roaming\isound.xml
2015-04-25 19:30 - 2015-04-25 19:30 - 00000115 _____ () C:\Users\John\AppData\Roaming\names.xml
2015-04-25 19:30 - 2015-04-25 19:30 - 00000112 _____ () C:\Users\John\AppData\Roaming\events.xml
2015-04-25 19:28 - 2015-04-25 19:28 - 02103307 _____ (AbyssMedia.com ) C:\Users\John\Downloads\isound7 (1).exe
2015-04-25 16:26 - 2015-04-25 19:31 - 00000000 ____D () C:\Program Files\Abyssmedia
2015-04-25 16:26 - 2015-04-25 19:30 - 00001061 _____ () C:\Users\John\Desktop\i-Sound for Windows 7.lnk
2015-04-25 16:26 - 2015-04-25 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Sound Recorder for Windows 7
2015-04-25 16:26 - 2015-04-25 16:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Abyssmedia
2015-04-25 06:27 - 2015-04-25 06:27 - 00000000 ____D () C:\Users\John\AppData\Local\{61DA9CE0-C0BD-4100-95F6-0C8C691FBDF0}
2015-04-24 18:26 - 2015-04-24 18:27 - 00000000 ____D () C:\Users\John\AppData\Local\{BDF0C9BB-A886-4C46-B389-1C8ADCC82C5A}
2015-04-24 07:53 - 2015-04-24 07:53 - 00201800 _____ (RealNetworks, Inc.) C:\WINDOWS\system32\rmoc3260.dll
2015-04-24 07:53 - 2015-04-24 07:53 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2015-04-24 06:26 - 2015-04-24 06:26 - 00000000 ____D () C:\Users\John\AppData\Local\{82F4546F-50AB-4091-88B5-5D7C47517993}
2015-04-23 19:24 - 2015-04-23 19:24 - 06745792 _____ (Microsoft Corporation) C:\Users\John\Downloads\WindowsPhone.exe
2015-04-23 16:15 - 2015-04-23 16:15 - 00000000 ____D () C:\Users\John\AppData\Roaming\Notpod
2015-04-23 16:01 - 2015-04-23 16:18 - 00000000 ____D () C:\Program Files\Notpod
2015-04-23 16:01 - 2015-04-23 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notpod
2015-04-22 20:00 - 2015-04-22 20:01 - 00000000 ____D () C:\Users\John\AppData\Local\{26EDD392-B92B-4404-A1B0-E40D68279FD5}
2015-04-22 07:18 - 2015-04-22 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-04-22 07:18 - 2015-04-22 07:18 - 00000000 ____D () C:\Program Files\Windows Phone
2015-04-22 07:16 - 2015-04-22 07:16 - 00000000 ____D () C:\ProgramData\Applications
2015-04-22 02:29 - 2015-04-22 02:30 - 00000000 ____D () C:\Users\John\AppData\Local\{C20878B9-E79B-4491-8171-0A795612C268}
2015-04-21 14:48 - 2015-04-22 13:02 - 00001656 _____ () C:\Users\John\Desktop\Nokia B00LBFFSNM._V329467695_ - Shortcut.lnk
2015-04-21 14:18 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-21 14:18 - 2015-03-12 21:19 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-21 14:18 - 2015-03-04 19:08 - 00977920 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-21 14:18 - 2015-01-29 20:56 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-21 14:17 - 2015-03-17 13:15 - 00376128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-21 14:17 - 2015-03-12 22:18 - 00200000 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-21 14:17 - 2015-03-12 22:18 - 00131904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-21 14:17 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-21 14:17 - 2015-03-08 21:18 - 00049664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-21 14:17 - 2015-03-05 22:27 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-21 14:16 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-21 14:16 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-21 14:16 - 2015-02-17 19:19 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-21 03:32 - 2015-04-21 03:33 - 00000000 ____D () C:\Users\John\AppData\Local\{2C05E49B-CDAC-449D-89C3-70E486FD3173}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-21 09:00 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-21 08:59 - 2013-04-08 14:49 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 08:42 - 2015-01-12 12:43 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-21 08:42 - 2015-01-12 12:43 - 00000000 ____D () C:\Program Files\SpywareBlaster
2015-05-21 08:42 - 2013-11-06 20:07 - 00913650 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-21 08:38 - 2013-11-06 20:20 - 00000000 ___RD () C:\Users\John\SkyDrive
2015-05-21 08:37 - 2015-01-12 11:47 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 08:37 - 2013-04-08 14:49 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 08:35 - 2013-11-06 19:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-21 08:35 - 2013-08-22 03:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-21 08:29 - 2013-08-22 02:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-21 08:07 - 2013-04-08 14:50 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 06:43 - 2012-07-26 02:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 04:28 - 2013-12-05 11:02 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-20 16:17 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-20 10:31 - 2015-02-28 07:11 - 00000498 _____ () C:\WINDOWS\Tasks\Macrium-Backup-{4B841EDC-F3A2-4965-89CE-D81F78021512}.job
2015-05-20 07:08 - 2013-08-22 04:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-17 06:01 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 10:50 - 2013-04-28 04:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-16 06:01 - 2013-04-08 14:34 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2015-05-16 03:47 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-15 09:10 - 2014-04-26 13:42 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-15 06:30 - 2013-04-08 14:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-05-15 05:28 - 2015-03-28 06:34 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 04:11 - 2013-04-08 14:49 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 18:50 - 2013-04-08 18:32 - 00030976 _____ () C:\WINDOWS\rascntrl.dll
2015-05-13 18:50 - 2013-04-08 18:32 - 00023104 _____ () C:\WINDOWS\system32\svcprmpt.dll
2015-05-13 16:20 - 2008-10-04 09:03 - 00000000 ____D () C:\Users\John\Desktop\Badgewinners
2015-05-13 08:02 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-13 04:37 - 2013-08-22 03:22 - 00375656 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 04:36 - 2013-04-08 06:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 04:32 - 2015-02-21 09:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 04:30 - 2013-09-29 23:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 04:28 - 2013-04-08 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 04:26 - 2015-02-21 13:19 - 00081184 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-13 03:43 - 2013-07-12 12:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 03:43 - 2013-04-08 05:27 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 03:34 - 2013-04-08 15:09 - 00004956 _____ () C:\ProgramData\hpzinstall.log
2015-05-13 03:33 - 2013-04-08 15:10 - 00000000 ____D () C:\Program Files\HP
2015-05-13 03:33 - 2013-04-08 15:08 - 00000000 ____D () C:\ProgramData\HP
2015-05-13 03:20 - 2013-08-22 04:17 - 00000000 ____D () C:\WINDOWS\twain_32
2015-05-12 16:19 - 2013-04-09 15:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate
2015-05-12 05:27 - 2008-10-04 09:00 - 00000000 ____D () C:\Download Files to keep
2015-05-10 07:54 - 2013-05-02 05:57 - 00000000 ____D () C:\Users\John\Desktop\Badgehelp
2015-05-05 15:13 - 2013-08-22 02:21 - 00000000 ___RD () C:\Users\Public
2015-05-05 15:11 - 2015-04-08 04:36 - 00000000 ____D () C:\ProgramData\Skype
2015-05-05 13:59 - 2015-01-12 10:32 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-01-12 10:32 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-05 13:35 - 2015-04-08 04:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2015-05-04 13:53 - 2013-01-26 19:12 - 00000000 ____D () C:\Users\John\MailList
2015-05-04 13:42 - 2008-10-19 18:23 - 00000002 _____ () C:\temphtm.HTM
2015-05-01 12:51 - 2014-09-20 14:19 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge.dll
2015-05-01 12:51 - 2013-10-29 13:08 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap.dll
2015-05-01 03:20 - 2013-11-10 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-04-26 14:55 - 2014-05-08 09:59 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-26 14:55 - 2014-01-16 12:48 - 00106912 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-26 14:55 - 2013-11-15 15:36 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-26 14:55 - 2013-11-15 15:36 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-26 14:55 - 2013-11-15 15:36 - 00081728 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-26 14:55 - 2013-11-15 15:36 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-26 14:55 - 2013-11-15 15:36 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-26 14:54 - 2013-11-15 15:36 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-26 14:54 - 2013-11-15 15:36 - 00026096 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-04-26 14:06 - 2013-05-16 10:18 - 00000000 ____D () C:\Program Files\Real
2015-04-26 14:06 - 2013-04-23 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-26 14:05 - 2013-05-16 10:13 - 00000000 ____D () C:\ProgramData\Real
2015-04-26 14:04 - 2013-05-16 10:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\Real
2015-04-26 02:50 - 2015-01-12 11:47 - 00001028 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 02:50 - 2015-01-12 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 02:50 - 2015-01-12 11:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-24 08:16 - 2015-01-12 13:10 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpwsockx.dll
2015-04-24 08:16 - 2015-01-12 13:09 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dplayx.dll
2015-04-24 08:16 - 2015-01-12 13:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dplaysvr.exe
2015-04-24 08:16 - 2015-01-12 13:05 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpmodemx.dll
2015-04-24 08:16 - 2013-08-21 23:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-04-24 08:16 - 2013-08-21 23:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-04-24 08:16 - 2013-08-21 23:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-04-24 08:16 - 2013-08-21 23:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-04-24 08:16 - 2013-08-21 23:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-04-23 12:47 - 2013-10-19 10:32 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-21 14:19 - 2013-08-22 04:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-21 14:19 - 2013-08-22 02:21 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
==================== Files in the root of some directories =======
2015-04-25 19:30 - 2015-04-25 19:30 - 0000112 _____ () C:\Users\John\AppData\Roaming\events.xml
2015-04-25 19:30 - 2015-04-25 19:30 - 0001545 _____ () C:\Users\John\AppData\Roaming\isound.xml
2015-04-25 19:30 - 2015-04-25 19:30 - 0000115 _____ () C:\Users\John\AppData\Roaming\names.xml
2013-04-13 17:59 - 2015-03-20 07:20 - 0007596 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2013-04-08 15:09 - 2015-05-13 03:34 - 0004956 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Users\John\pp.dat
 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-05-20 15:39
==================== End Of Log ============================


ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by John at 2015-05-21 09:03:31
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
 
==================== Accounts: =============================
Administrator (S-1-5-21-1482476501-839522115-13943848-500 - Administrator - Enabled)
Guest (S-1-5-21-1482476501-839522115-13943848-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1482476501-839522115-13943848-1000 - Limited - Disabled)
John (S-1-5-21-1482476501-839522115-13943848-1004 - Administrator - Enabled) => C:\Users\John
SUPPORT_388945a0 (S-1-5-21-1482476501-839522115-13943848-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Premier (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Do Not Track Me Add-on 2.2.8.122 (HKLM\...\Do Not Track Me Add-on_is1) (Version: 2.2.8.122 - Abine)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Express Burn (HKLM\...\ExpressBurn) (Version: - NCH Software)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
i-Sound Recorder Pro 7.2.1.0 (HKLM\...\i-Sound Recorder for Windows 7_is1) (Version: 7.2.1.0 - AbyssMedia.com)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.0.516 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MyMailList & AddressBook (HKLM\...\{884A3A17-74A5-4D71-98D4-C0BEFB64000D}) (Version: 7.0.0.0 - Elibrium, LLC)
Neat (HKLM\...\Neat) (Version: 5.6.1.374 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (Version: 5.6.1.374 - The Neat Company) Hidden
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{30DF5C05-E6F2-4188-8481-CBE10E9D4906}) (Version: 2.0.2.26 - The Neat Company)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0165 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RoboForm 7-9-13-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-13-5 - Siber Systems)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.02.06.07 - Samsung Electronics Co., Ltd.)
Samsung ML-2160 Series (HKLM\...\Samsung ML-2160 Series) (Version: 1.08 (8/24/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Send To Neat (HKLM\...\{F9C52512-F5AB-4CA8-8E35-6396797DD72A}) (Version: 1.1.0.0 - The Neat Company)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SpeedConnect Internet Accelerator v.8.0 (HKLM\...\SpeedConnect Internet Accelerator v.8.0_is1) (Version: - CBS Software)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WD Drive Utilities (HKLM\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{124310E8-7C49-4C33-B4F2-3CF43F3830B7}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
WeatherBug® (HKLM\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{1FFD7892-06E4-4A0A-941E-BC966900C883}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{33AF5286-DC7B-40B3-AF6B-D5E15E9E72B7}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\MpegCodecFilter.ax (Arcsoft)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{33AF5287-DC7B-40B3-AF6B-D5E15E9E72B7}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\MpegCodecFilter.ax (Arcsoft)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{3CF39B9A-0CF8-4792-A918-67573260BDBE}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\Media.ocx (palmOne, Inc. developed by ArcSoft, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{496038FA-3891-4827-AFCD-A7B13B9FF75A}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{74531205-74DC-48FF-953B-3B6DC988424F}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\palmOne\NotePadExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{87001487-8B8A-4C40-BFEF-036F5BD5BAA3}\InprocServer32 -> C:\Program Files\palmOne\PhotoDesktop\PhotosPlugIn.dll (palmOne, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{9D3B3E2B-1789-4A83-8050-5ED8307B02E5}\InprocServer32 -> C:\Program Files\palmOne\VoiceMemoExt.ocx (Palm, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-839522115-13943848-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-05-2015 15:10:49 Removed Skype™ 7.3
11-05-2015 16:14:27 Revo Uninstaller Pro's restore point - CCWin9
12-05-2015 19:09:20 Removed Scan
12-05-2015 19:10:16 Removed Destinations
12-05-2015 19:10:51 Installed Scan
12-05-2015 19:11:53 Installed Destinations
13-05-2015 03:07:54 Removed HP Update.
13-05-2015 03:18:12 Revo Uninstaller Pro's restore point - HP Scanjet G3010
13-05-2015 03:22:26 Revo Uninstaller Pro's restore point - HP Photosmart Essential 3.5
13-05-2015 04:41:52 Removed Java 7 Update 76
15-05-2015 06:13:02 Revo Uninstaller Pro's restore point - PC Optimizer Pro
16-05-2015 16:15:20 Revo Uninstaller Pro's restore point - CCleaner
20-05-2015 07:05:15 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 02:13 - 2013-08-22 02:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0882F7FA-86C7-44A1-AD70-4A0F92C9DADC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-839522115-13943848-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1370CE0C-E09C-4CD6-93DD-8BB846EAF79E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: {17748629-8F8D-46A5-A1EC-4506728ADA95} - System32\Tasks\Macrium-Backup-{4B841EDC-F3A2-4965-89CE-D81F78021512} => C:\Program Files\Macrium\Reflect\reflect.exe [2015-05-07] (Paramount Software UK Ltd)
Task: {25841C3B-3FFB-4EA5-9642-BA47F6B16918} - System32\Tasks\{479F1D53-4EA2-4CE6-8800-125644D9D832} => pcalua.exe -a "C:\Program Files\Samsung\Samsung Universal Print Driver 2 PCL6\SEInstall\Setup.exe" -c /R
Task: {2698D309-A01E-4BAD-BA53-E699DA831D42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {48FC6DBC-5F5C-44C2-9221-F2C37689CE9C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1482476501-839522115-13943848-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {54C55F8D-9A4B-4C0A-92DE-D8F587903B73} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\WINDOWS\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {5A333FC8-7077-41A1-924D-6E08E63DC270} - System32\Tasks\{319D79B5-BBCD-4BAD-91BE-4BB30F1CE21B} => pcalua.exe -a "C:\My Downloads\vault.exe" -d "C:\My Downloads"
Task: {69314ECF-A67A-47BA-8940-2693801E9F34} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-839522115-13943848-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6D342B0C-FF74-48FD-8744-03350A8A458E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\WINDOWS\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {80D4D8C8-C9F2-47E0-BD7C-B577F8C2E6A7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-16] (Adobe Systems Incorporated)
Task: {85AE7356-0954-4921-B24E-761155C5D29C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {89D2E7A5-2203-4C9A-B5A0-59076D48AF60} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1482476501-839522115-13943848-1004 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {8A5D2B4E-0D12-468E-B482-F2D56D9C2EC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8CF25817-9894-4173-B3BD-E7A009B88351} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-08] (Google Inc.)
Task: {9A9E7FED-950E-4302-884C-7E9C4EFE3D54} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Pogo Games\PogoDGC.exe
Task: {A57A4DA2-6BD0-405F-9F59-6ACBA98034E9} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNMKJNMMJMMHMPMGMCNMMKMLMKMCNLMLMOMMMCNGMLMLMMMCNHMOMKMLMIMMMHMOMGMMJNJLMJNJICMIMCNGMCNOMMMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMHMNMGMJNHICMOJJIOJPMOMJNBJCMFLAJHJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMKMNMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {A9378F2F-913F-4A10-8007-D309D149AE28} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {B0AF3160-9616-492B-B360-CD763FFC2FA4} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
Task: {B9BFC0FB-302C-49EF-8618-DC06337D8401} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CE38B77E-37A4-487B-A265-DCAA6B438956} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-05-01] (Siber Systems)
Task: {DC5B33E5-B495-4836-A43A-EC6442AC0C71} - System32\Tasks\Western Digital\SmartWare\____Volume_439eba0e_9137_11dd_8ea4_806d6172696f__dropbox_0c9d4479_3f99_4801_9da8_b1c9809440d0_dropbox_ => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe
Task: {ED0ABF1E-484D-4610-8636-840261C71724} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-26] (Avast Software s.r.o.)
Task: {F6FCA932-45A7-4D1C-8F74-A53001EEB0BA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FF181F9A-0B85-4CE0-98DE-4D338F890638} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Macrium-Backup-{4B841EDC-F3A2-4965-89CE-D81F78021512}.job => C:\Program Files\Macrium\Reflect\reflect.exeh-e -w C:\Users\John\Documents\Reflect\My Backup(1).xml
==================== Loaded Modules (Whitelisted) ==============
2013-11-06 19:43 - 2015-02-03 22:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-04-26 14:54 - 2015-04-26 14:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-26 14:54 - 2015-04-26 14:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-21 06:16 - 2015-05-21 06:16 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15052100\algo.dll
2015-03-11 03:52 - 2014-05-20 15:01 - 00048640 _____ () C:\WINDOWS\System32\sdtnpm.dll
2015-02-26 15:00 - 2011-04-11 01:26 - 00024064 _____ () C:\WINDOWS\System32\spep6l.dll
2015-04-08 09:59 - 2015-04-08 09:59 - 00018432 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2015-02-13 12:12 - 2014-04-16 04:22 - 00025600 _____ () C:\WINDOWS\System32\usp01l.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-28 03:00 - 2015-05-01 12:52 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-03-06 06:48 - 2015-03-06 06:48 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-17 19:12 - 2010-12-17 19:12 - 00332288 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-02-05 14:41 - 2014-09-23 18:19 - 00146736 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2015-05-21 08:06 - 2015-05-13 12:48 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-21 08:06 - 2015-05-13 12:48 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-09 05:31 - 2015-05-09 05:31 - 00143360 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x86__8wekyb3d8bbwe\ErrorReporting.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\.DEFAULT\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
There are 6091 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\forests4.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "APSDaemon"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1482476501-839522115-13943848-1004\...\StartupApproved\Run: => "SpeedConnectStartUp"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{C808FA6F-E7DE-49CC-96EA-52EC6EE68F4B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{62FE60B1-2E65-4E7D-85C9-E231B2DCD29C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2BA64ABF-ADFC-4CC0-A9FB-A56C46A963E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{925C9D9F-9890-4336-B7BF-4ADF98ED7042}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5B2D5E2D-3220-4745-B664-0DFAFDF14E87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3605AEAA-1B53-41A5-A8BD-87D58D8AD957}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{256A3397-E8A2-4AA3-892D-F07BE2F5A044}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{FB63C004-3C33-41F0-8DCC-3A3BFD44140D}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{693E6D62-91DD-455C-BFCC-8436D5510FF5}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1EDAF7E5-D531-4839-A094-AAE3D32865A4}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3C1D3B1C-9309-4882-9ED0-21534DB0A1AB}] => (Allow) C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{AEA52734-2992-471E-978A-16FC7DA0456E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F4DA6FD2-32B9-4630-802D-E328E4164E3E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2AED8BB0-4ED3-45C7-B243-2E7CB8DED242}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B59960C5-C4E5-481B-8F66-CCC3F7B99FC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D8B56D85-C086-423A-A78D-8A69500C0C81}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2C2C6076-30C9-4A66-809F-0C6FA45510B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1DE7F0EC-EF6A-4ABC-8B0B-E19F46E65C22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{72534926-470F-4449-AB9E-20A77976276A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{64D0A707-2069-453C-BD7F-AE05E21D1022}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{22EA6F52-2F88-4CF4-B83E-7F7CF7100B14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{383A7EF0-F28E-4480-9E73-46A372C04F03}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47667182-C904-48D5-B1E8-1EA192EBCF96}] => (Allow) LPort=2869
FirewallRules: [{37327685-79E1-4FF5-93D6-0BB945C722CA}] => (Allow) LPort=1900
FirewallRules: [{FF2A046C-5FB2-4CED-A46F-87CFC65DA667}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{B4A31DC0-4549-4AEE-869F-18EAE7ECA12D}] => (Allow) LPort=1542
FirewallRules: [{64AF84C5-9756-481E-BFAB-6CB49FA63B72}] => (Allow) LPort=1542
FirewallRules: [{EAABE6E9-5604-4EBD-A2ED-2C0F88A0CCA7}] => (Allow) LPort=53
FirewallRules: [{09658189-31BD-4F70-A91A-66F982744B49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A52F341B-B14E-40B1-9C38-DFE8D861386B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5C8AE57-8BEA-480D-821B-AFA0D56591E0}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3BF0D33C-728E-4749-82B8-C588004521FC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1F173E1D-C17A-4ACA-9C1E-DBC2E98BD766}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{A88BD3DF-43C7-4D1B-B46F-B800E83989BA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{4CC05210-15F2-48D6-A0C4-E70F192BD17E}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{36E4DD6A-6F6F-4751-8BBA-37956E9E8E5C}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1591A859-AAC2-4010-B52C-CAFDACAC408F}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{01408834-9428-43E7-8274-2F877F879C93}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{AB4F1171-A919-4490-90F3-2FCEEFB3B310}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{493B8AC6-6E88-47B9-859F-19CB78C0D8F2}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{58C24C5B-6C13-46FA-B5BA-CC00DE20178D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C2DEAA2B-0EFB-4B13-A9A9-D610BA2A1FEC}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{092336DE-6BCA-4701-9C10-81495EC9762B}] => (Allow) C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{AB9E1462-E69D-4AFD-B86A-E96961130F76}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F3DF67B4-00C2-4E70-AB95-255951C92BA1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D55889EC-A3FC-422D-8E22-B7CCFDB50C40}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{B0267450-E467-41A8-BC24-1B2ACE0F0A02}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================
Application errors:
==================
Error: (05/21/2015 08:23:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e44
Start Time: 01d093b71fa704ba
Termination Time: 0
Application Path: C:\WINDOWS\Explorer.EXE
Report Id: c963816b-ffb3-11e4-b0bd-00e04dacc32c
Faulting package full name:
Faulting package-relative application ID:
Error: (05/21/2015 05:34:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 3a4
Start Time: 01d093a94629f5ad
Termination Time: 22
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 9d4c37a6-ff9c-11e4-b0bb-00e04dacc32c
Faulting package full name:
Faulting package-relative application ID:
Error: (05/20/2015 07:41:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20125
Error: (05/20/2015 07:41:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20125
Error: (05/20/2015 07:41:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 07:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15031
Error: (05/20/2015 07:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15031
Error: (05/20/2015 07:41:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/20/2015 07:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12984
Error: (05/20/2015 07:41:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12984
 
System errors:
=============
Error: (05/21/2015 08:35:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek11nSU service failed to start due to the following error:
%%2
Error: (05/21/2015 08:29:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062
Error: (05/21/2015 07:22:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VPDAgent service terminated unexpectedly. It has done this 1 time(s).
Error: (05/21/2015 07:12:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek11nSU service failed to start due to the following error:
%%2
Error: (05/21/2015 07:11:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Realtek11nSU service failed to start due to the following error:
%%2
Error: (05/21/2015 07:08:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (05/21/2015 03:59:29 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (05/21/2015 03:59:11 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (05/21/2015 03:05:06 AM) (Source: DCOM) (EventID: 10016) (User: WINDOWS-8)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}WINDOWS-8JohnS-1-5-21-1482476501-839522115-13943848-1004LocalHost (Using LRPC)UnavailableUnavailable
Error: (05/21/2015 02:56:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.
 
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-04-05 20:27:12.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.784
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.767
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.714
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.627
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.565
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-05 20:27:12.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info ===========================
Processor: AMD Phenom(tm) 9500 Quad-Core Processor
Percentage of memory in use: 62%
Total physical RAM: 3070.55 MB
Available physical RAM: 1165.4 MB
Total Pagefile: 3710.55 MB
Available Pagefile: 1152.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1861.07 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:148.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:220.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 7DD8DC90)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================

CHECKUP.TXT

Results of screen317's Security Check version 1.002
x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Java 7 Update 80
Java 8 Update 45
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.152)
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
 
Hi, John.

I can see where a bit of cleanup can be done but am not seeing anything that would be causing errors. I have seen where using the Advanced mode of Revo has caused problem for others. The C:\ Windows\winsxs folder stores multiple copies of dll‘s in order to let multiple applications run in Windows without any compatibility problem, although I would not expect Revo to touch that folder.

We'll do the cleanup and then you can post the requested logs in the Windows Update forum, which is where errors shown in SFCFix are addressed.

1. Let's start with Java 7 Update 80. I realize it is the latest update for JRE7 but since you have Java 8 installed, unless you really need Java 7, I suggest you uninstall it. This JRE (version 7u80) will expire with the release of the next critical patch update scheduled for July 14, 2015.

2. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: 
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
URLSearchHook: HKU\S-1-5-21-1482476501-839522115-13943848-1004 - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKLM - No Name - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> No Name - {82955283-343D-4B6C-BD3C-D147000058C8} - No File
C:\Users\John\pp.dat
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
 
Corrine said:
Hi, John.

I can see where a bit of cleanup can be done but am not seeing anything that would be causing errors. I have seen where using the Advanced mode of Revo has caused problem for others. The C:\ Windows\winsxs folder stores multiple copies of dll‘s in order to let multiple applications run in Windows without any compatibility problem, although I would not expect Revo to touch that folder.

We'll do the cleanup and then you can post the requested logs in the Windows Update forum, which is where errors shown in SFCFix are addressed.

1. Let's start with Java 7 Update 80. I realize it is the latest update for JRE7 but since you have Java 8 installed, unless you really need Java 7, I suggest you uninstall it. This JRE (version 7u80) will expire with the release of the next critical patch update scheduled for July 14, 2015.

2. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: 
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
URLSearchHook: HKU\S-1-5-21-1482476501-839522115-13943848-1004 - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKLM - No Name - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> No Name - {82955283-343D-4B6C-BD3C-D147000058C8} - No File
C:\Users\John\pp.dat
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
Click to expand...



Hi Corrine,

Thanks for coming back so quick. Here is the result of the log:


Fix result of Farbar Recovery Scan Tool (x86) Version: 21-05-2015
Ran by John at 2015-05-22 05:22:02 Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available profiles: John)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
URLSearchHook: HKU\S-1-5-21-1482476501-839522115-13943848-1004 - (No Name) - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKLM - No Name - {82955283-343d-4b6c-bd3c-d147000058c8} - No File
Toolbar: HKU\S-1-5-21-1482476501-839522115-13943848-1004 -> No Name - {82955283-343D-4B6C-BD3C-D147000058C8} - No File
C:\Users\John\pp.dat
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\John\SkyDrive:ms-properties
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key Deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{82955283-343d-4b6c-bd3c-d147000058c8} => value Deleted successfully.
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{82955283-343d-4b6c-bd3c-d147000058c8} => value Deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{82955283-343d-4b6c-bd3c-d147000058c8} => value Deleted successfully.
HKCR\CLSID\{82955283-343d-4b6c-bd3c-d147000058c8} => Key not found.
HKU\S-1-5-21-1482476501-839522115-13943848-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{82955283-343D-4B6C-BD3C-D147000058C8} => value Deleted successfully.
HKCR\CLSID\{82955283-343D-4B6C-BD3C-D147000058C8} => Key not found.
C:\Users\John\pp.dat => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\John\SkyDrive => ":ms-properties" ADS removed successfully.
EmptyTemp: => Removed 1.8 GB temporary data.
 
The system needed a reboot.
==== End of Fixlog 05:26:23 ====
 
You're welcome, John, although I only provided information for a bit of cleanup as I originally indicated. After cleaning up the tools/logs created in this process, you're going to need assistance with the SFCFix and CBS logs.

Please do the following:

1. Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log.

2. Create a new topic in the Windows Update forum, following the instructions here: Windows Update Forum Posting Instructions. Provide a link to this topic so the person helping you will see what has already been done.
 
I goofed and did not 'save' the first Delfix, as I had errors. See Screenshot. There are six errors this is the first, all are similar. I think this should be fixed before I go to the Update Forum. I will be glad to send the other five. Let me know. Please advice how to proceed. And have a great Memorial Day weekend ~ John

# DelFix v1.010 - Logfile created 22/05/2015 at 19:04:20
# Updated 26/04/2015 by Xplode
# Username : John - WINDOWS-8
# Operating System : Windows 8.1 Pro (32 bits)
~ Removing disinfection tools ...
 
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #137 [End of disinfection | 05/22/2015 22:59:28]
New restore point created !
########## - EOF - ##########


View attachment 12537
 
Since DelFix didn't create a new Restore Point, please create one now.

Go ahead and check your desktop. Delete any that you find: FRST, Frst.txt, Addition.txt, Security Check, fixlist.txt and the downloaded DelFix.
 
Hi, John.

Since you indicated that SFC fixed corrupt files this time around, are you able to export the registry now?
 
Hi, John.

Are you having a problem installing Windows Updates or other SFC errors? If so, then, yes, follow the instructions for posting in the Windows Update forum.
 
Hi Corrine,

I am doing fine now. Thank you very much. You can close this thread. And any day now I will post a problem Win 7 computer too :). Have a great Memorial Day!
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top