Hello everyone!
I am helping my parents with their computer. They have numerous pop-up ads that come up at varying times. Also, the main problem is a pop-up that states to call a 1-888 number for virus removal. Please be aware that my father DID call this number and was scammed (at a much earlier time). My father took the computer into a local computer store; they installed Kaspersky and assured my dad that the virus/spyware was gone. Sadly, it isn't, and the problem is still occurring. Any help/suggestions you all have would be much appreciated.
Thank you!
Emily
Results from scans are below:
aswMBR.txt results:
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-23 15:45:51
-----------------------------
15:45:51.284 OS Version: Windows x64 6.2.9200
15:45:51.284 Number of processors: 4 586 0x1301
15:45:51.284 ComputerName: JIMMY UserName: Jimmy
15:45:52.847 Initialize success
15:45:52.909 VM: initialized successfully
15:45:52.909 VM: Amd CPU supported
15:47:02.988 AVAST engine defs: 15062303
15:47:09.691 The log file has been saved successfully to "C:\Users\Jimmy\Desktop\aswMBR.txt"
Addition.txt results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Jimmy at 2015-06-23 15:52:25
Running from C:\Users\Jimmy\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3248614269-2365583644-2367617342-500 - Administrator - Disabled)
Guest (S-1-5-21-3248614269-2365583644-2367617342-501 - Limited - Disabled)
Jimmy (S-1-5-21-3248614269-2365583644-2367617342-1001 - Administrator - Enabled) => C:\Users\Jimmy
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B38CC495-7657-3D5A-80C2-8D6E0ED8E638}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mediatek Bluetooth stack (HKLM-x32\...\{B39E1237-AB91-4DAE-BB8A-F7EF19C7BA2A}) (Version: 11.0.751.0 - Mediatek)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.48.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
WSE_Vosteran (HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3248614269-2365583644-2367617342-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
==================== Restore Points =========================
07-06-2015 19:40:14 HPSF Applying updates
17-06-2015 02:15:51 Scheduled Checkpoint
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0892167E-14DD-4957-B0E1-2FC91F09BA77} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {10EBCD94-5792-4E7F-BAA3-23703401AF1C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {1BEABDB5-04FD-402B-9D5D-92B482EE38D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-23] (Google Inc.)
Task: {27B8D544-E948-4833-A53A-1BE0501430CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {4B2CF7DA-C56D-4399-B853-A5EA86069E03} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN282163FC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {52123E51-D577-465B-AF0F-A2EB05EBD431} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {71CD894E-CDD7-4A94-909D-09BBAB271021} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {72B2C2A0-CE82-4AD6-9D1D-D901E30F9882} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {730E8881-E833-4749-8AF1-2514BD2CFF7F} - System32\Tasks\HP AR Program Upload - fd404fd220644d2ca52a4d51ff65ae94851e567ea7b8459298ab3d05d8a3cfbf => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {76340828-7BCF-445F-B87F-A65EB726BEA2} - System32\Tasks\HP AR Program Upload - 79592bd1b35541b8b890921c3269f9f97d28d1e25e524676a1246ac3803c79fd => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {76C279EF-D57E-4DB4-8CD0-476B49E9EF5A} - System32\Tasks\HP AR Program Upload - eb08f810c5ff422cb3e2d54094515c01143c1b9c0fc94a2ab45fb4dffeccf9d7 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {770284BE-F885-45BB-8090-BD1CA35A65FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7768B8C7-23FB-4859-BA04-5C7A95A41905} - System32\Tasks\HP AR Program Upload - c7e12f1a53fd4beca60eb10aa87cd6192851a506c7314620b464a4e92bad2bae => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {78FF8DD5-EA2F-422E-90DF-1AD6E56E2B46} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {7ED2BD61-F293-4389-812D-17811387A281} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7F4C28AA-9620-48F3-8982-848C33AF0EAD} - System32\Tasks\HP AR Program Upload - befab001e6774730b550abce45a514ec8b5f244ff4d241738fd4922fc7e8eb30 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {84AA4E31-81C6-4179-95B6-AA9490522E75} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {9E7F514F-9C9C-4673-9220-9A70E6FEDE7A} - System32\Tasks\HP AR Program Upload - ccbd853cdf194354a0dbe69f92ea632c15ccb80222ba41cebd9fbbc2e585d8e6 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {9EE9C123-9C0E-4D56-9AA8-99F30C179B47} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A000AB78-3345-432E-B486-0B38F4F019CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A0376A1E-4475-470D-B9DF-BE70A60B2257} - System32\Tasks\Woamivsneule => C:\ProgramData\Woamivsneule\1.0.1.0\maonsoxi.exe [2015-05-20] ()
Task: {AB89ECD3-E69F-49D1-B577-CB32C4B51E54} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {B27354C1-BA0F-4EFE-9947-E60AEDCBA86A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B9F94AE4-6198-4E1B-8EB1-551B568C740D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE59FA2A-832C-4C91-8E78-8E75EB4869F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JIMMY-Jimmy Jimmy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {CB021A6B-3554-4898-9E37-392A386A4AE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-23] (Google Inc.)
Task: {CE57002F-4C25-45B2-ACF4-E23469ED25D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-21] (Microsoft Corporation)
Task: {DB6F9071-F254-4A63-9748-70863DDD9EEF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E259D44A-C0FD-4A46-A6E1-654A62A94E81} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E31F8A3E-1F97-42AF-B197-4693AFEA5CA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {EF88A9CE-5A06-440C-B852-891380F35CBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {F1E8F745-99F8-4403-9BEB-55AAB7CCAFFD} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {F38DF044-B8EF-45B3-997F-3EAB61CAC6CC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F6CEE726-49F8-47FC-A628-3CD64A2C8939} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {F7E72050-4532-44A2-80F3-76B4EA17DF4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-08] (Hewlett-Packard)
Task: {FBAE8A20-B5D7-41CF-9D1D-D6D2C5F79F2E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\windows\Tasks\HPCeeScheduleForJimmy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\WSE_Vosteran.job => C:\Users\Jimmy\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 06:22 - 2013-09-05 06:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 06:24 - 2013-09-05 06:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 06:24 - 2013-09-05 06:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 06:21 - 2013-09-05 06:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 06:21 - 2013-09-05 06:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 06:21 - 2013-09-05 06:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 06:36 - 2013-09-05 06:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 06:36 - 2013-09-05 06:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-21 04:03 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-20 18:29 - 2015-05-20 18:29 - 00161280 _____ () C:\ProgramData\Woamivsneule\1.0.1.0\maonsoxi.exe
2015-03-17 06:17 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 06:31 - 2013-09-05 06:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-06-05 18:51 - 2013-06-05 18:51 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\kpcengine.2.3.dll
2013-12-12 01:14 - 2013-08-05 02:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Jimmy\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\StartupApproved\Run: => "ShopAtHomeUpdater"
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\StartupApproved\Run: => "ShopAtHomeWatcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D7132486-DDA9-4C88-9A12-EBB475922411}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{B9344EC7-1C1D-4C9A-87E1-8B394203B427}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{1F79DE9E-99A9-436A-91F7-9272B8D5C7B6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1D831368-B8B5-4F3B-A898-BFBDE8240162}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C132B5D2-3C12-49C4-A38E-442A639DA168}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0A33061-BDDF-4CE3-BA7C-9CB8C18F0AE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C8FE182-D9FE-46DD-8DE0-BC5116D0FC13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98CDC268-0652-48E0-AEFD-A2252D9EB32D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7468C327-7AC4-4650-A603-01EF08AA54AC}] => (Allow) LPort=2869
FirewallRules: [{2C428B67-E58D-4AF8-B98D-3214CC422F46}] => (Allow) LPort=1900
FirewallRules: [{5D93C0CC-26F6-4D7C-B433-4DDD54376F8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DCE1C533-7ABD-4929-A384-127720A803B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{026D790F-CEBC-4884-9C23-D8B8D2BCB858}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{22807791-10FC-4918-9784-9407F1A65CA9}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{894653FB-1E6E-412F-A147-A7B17E6CE0C1}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8DADB84D-B170-4F79-AB65-5136BA342639}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{213F5C57-DE9F-4EB5-A5D8-F3B95F32D83A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{4ECAC49A-FF71-4F46-ADC5-A8EC713B188E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{EEEC0A17-6459-471C-B507-12E6AB27600D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{C879BAA0-A1DC-4D16-A259-8DE8FEF37863}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2566CB3E-1886-4EE3-AD7C-5315349A6760}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDC7E100-7494-42D9-BFF9-9987651A6B48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E56F5532-ED7A-44B2-9BFC-4CA417972B26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3D50E73D-4D4C-46A3-BE21-465DDC425D41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EEDA3EFD-0703-46D4-A116-DBA67637E34D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{37EDCAC2-5DBC-4F8D-81F0-A693A4998CBF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{8181071F-A18A-4202-B713-A41AC7D6A85C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3165F6C4-1D30-480A-A286-2D565FC11DD9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9A067B5C-359D-4F5D-90AD-C3FECF142BFC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{F119B02C-2383-4E96-AA9A-E8E0F8E75665}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{E408F134-EFC1-4506-9D29-5CB4DCC8B8B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{112F5958-A07E-4587-AD20-84CF06EBD568}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{DD374A00-FDA1-41AE-86CE-BCDE343812DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{E4D6BDD1-B3FD-419A-9D7D-9FB4DFD943C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{35BAB1CD-C965-4286-928B-F8A235DB0697}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F32CB872-75E4-47CF-9967-B8DF4886DFF4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6FBE22F8-F544-48C4-8704-681D1B1009A4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{0DE6B109-61CB-4477-AA0D-645B722385AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2015 04:26:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/22/2015 04:19:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/21/2015 00:19:18 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Word.
Error: (06/21/2015 00:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: glcnd.exe, version: 6.3.9600.17499, time stamp: 0x54753656
Faulting module name: glcnd.exe, version: 6.3.9600.17499, time stamp: 0x54753656
Exception code: 0xc0000005
Fault offset: 0x00000000004f0d8f
Faulting process id: 0x1180
Faulting application start time: 0xglcnd.exe0
Faulting application path: glcnd.exe1
Faulting module path: glcnd.exe2
Report Id: glcnd.exe3
Faulting package full name: glcnd.exe4
Faulting package-relative application ID: glcnd.exe5
Error: (06/21/2015 03:47:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/19/2015 11:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1576) SRUJet: Database recovery/restore failed with unexpected error -1216.
Error: (06/19/2015 11:00:00 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (1576) SRUJet: Database recovery failed with error -1216 because it encountered references to a database, 'C:\windows\system32\SRU\SRUDB.dat', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.
Error: (06/19/2015 10:00:00 PM) (Source: ESENT) (EventID: 470) (User: )
Description: svchost (1572) SRUJet: Database C:\windows\system32\SRU\SRUDB.dat is partially attached. Attachment stage: 3. Error: -1019.
Error: (06/19/2015 10:00:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1572) SRUJet: The database page read from the file "C:\windows\system32\SRU\SRUDB.dat" at offset 8192 (0x0000000000002000) (database page 1 (0x1)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (06/19/2015 08:00:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winword.exe version 15.0.4717.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d40
Start Time: 01d0aaf480f8547d
Termination Time: 15
Application Path: C:\Program Files\Microsoft Office 15\root\Office15\Winword.exe
Report Id: ca2a1d6d-16e7-11e5-82f5-543530195ad8
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (06/23/2015 11:22:21 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:03:51 AM on 6/23/2015 was unexpected.
Error: (06/23/2015 11:03:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:00:30 AM on 6/23/2015 was unexpected.
Error: (06/23/2015 11:00:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:43:19 AM on 6/23/2015 was unexpected.
Error: (06/22/2015 08:42:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062
Error: (06/22/2015 04:42:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The gkyyZUCYq service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/22/2015 04:39:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The gkyyZUCYq service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (06/19/2015 10:11:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1070
Error: (06/19/2015 10:11:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
Error: (06/19/2015 10:10:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
Error: (06/19/2015 07:11:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office:
=========================
Error: (06/23/2015 04:26:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/22/2015 04:19:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/21/2015 00:19:18 PM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
Do you want to start in safe mode?
Error: (06/21/2015 00:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: glcnd.exe6.3.9600.1749954753656glcnd.exe6.3.9600.1749954753656c000000500000000004f0d8f118001d0ac456d0ffcd5C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exeC:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe98297a8a-1839-11e5-82f8-543530195ad8Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbweMicrosoft.Reader
Error: (06/21/2015 03:47:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8
Error: (06/19/2015 11:00:00 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1576SRUJet: -1216
Error: (06/19/2015 11:00:00 PM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost1576SRUJet: -1216C:\windows\system32\SRU\SRUDB.dat
Error: (06/19/2015 10:00:00 PM) (Source: ESENT) (EventID: 470) (User: )
Description: svchost1572SRUJet: C:\windows\system32\SRU\SRUDB.dat3-1019
Error: (06/19/2015 10:00:00 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost1572SRUJet: C:\windows\system32\SRU\SRUDB.dat8192 (0x0000000000002000)4096 (0x00001000)-1019 (0xfffffc05)1 (0x1)
Error: (06/19/2015 08:00:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Winword.exe15.0.4717.1000d4001d0aaf480f8547d15C:\Program Files\Microsoft Office 15\root\Office15\Winword.execa2a1d6d-16e7-11e5-82f5-543530195ad8
==================== Memory info ===========================
Processor: AMD A10-6700 APU with Radeon HD Graphics
Percentage of memory in use: 17%
Total physical RAM: 11461.11 MB
Available physical RAM: 9464.05 MB
Total Pagefile: 13189.11 MB
Available Pagefile: 11022.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1846.24 GB) (Free:1733.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.3 GB) (Free:1.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: AD8E9BC5)
Partition: GPT Partition Type.
==================== End of log ============================
FRST.txt results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Jimmy (administrator) on JIMMY on 23-06-2015 15:51:35
Running from C:\Users\Jimmy\Downloads
Loaded Profiles: Jimmy (Available Profiles: Jimmy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Interesting Solutions) C:\ProgramData\uCYrryJvt\gkyyZUCYq.exe
() C:\ProgramData\Woamivsneule\1.0.1.0\maonsoxi.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avpui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
() C:\ProgramData\Woamivsneule\1.0.1.0\maonsoxi.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-05-12] (Hewlett-Packard )
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-05-12] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\...\RunOnce: [Application Restart #3] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> {81D7FB07-7C1B-41E1-AFDC-E31E253CC59D} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {81D7FB07-7C1B-41E1-AFDC-E31E253CC59D} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3248614269-2365583644-2367617342-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\x64\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\IEExt\ie_plugin.dll [2014-12-03] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\4dmlb3bc.default
FF DefaultSearchEngine: Vosteran
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-24] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-04-08] ()
FF user.js: detected! => C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\4dmlb3bc.default\user.js [2015-02-16]
FF SearchPlugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\4dmlb3bc.default\searchplugins\Vosteran.xml [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-24]
Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-23]
CHR Extension: (Google Drive) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-23]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-23]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-23]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKU\S-1-5-21-3248614269-2365583644-2367617342-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-26] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)
R2 gkyyZUCYq; C:\ProgramData\uCYrryJvt\gkyyZUCYq.exe [2726248 2014-12-15] (Interesting Solutions)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-05-12] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [800440 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-03] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2512016 2014-06-13] (MediaTek Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2013-12-27] (Ralink Technology, Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 aswMBR; \??\C:\Users\Jimmy\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Jimmy\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 15:51 - 2015-06-23 15:52 - 00019849 _____ C:\Users\Jimmy\Downloads\FRST.txt
2015-06-23 15:48 - 2015-06-23 15:51 - 00000000 ____D C:\FRST
2015-06-23 15:48 - 2015-06-23 15:48 - 02109952 _____ (Farbar) C:\Users\Jimmy\Downloads\FRST64.exe
2015-06-23 15:48 - 2015-06-23 15:48 - 01148928 _____ (Farbar) C:\Users\Jimmy\Downloads\FRST.exe
2015-06-23 15:47 - 2015-06-23 15:47 - 00000546 _____ C:\Users\Jimmy\Desktop\aswMBR.txt
2015-06-23 15:45 - 2015-06-23 15:45 - 05198336 _____ (AVAST Software) C:\Users\Jimmy\Downloads\aswMBR.exe
2015-06-22 19:23 - 2015-06-22 19:23 - 00001185 _____ C:\Users\Jimmy\Desktop\Continue Samsung Kies Installation.lnk
2015-06-22 19:18 - 2015-06-22 19:18 - 00711808 _____ (Internet ) C:\Users\Jimmy\Downloads\SamsungKiesSetup.exe
2015-06-22 16:47 - 2015-06-22 16:52 - 00000000 ____D C:\Users\Jimmy\Documents\Add-in Express
2015-06-22 16:47 - 2015-06-22 16:48 - 00000000 ____D C:\Users\Jimmy\AppData\Local\WinZip
2015-06-22 16:47 - 2015-06-22 16:47 - 00002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-06-22 16:47 - 2015-06-22 16:47 - 00002300 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-06-22 16:47 - 2015-06-22 16:47 - 00000000 ____D C:\ProgramData\WinZip
2015-06-22 16:47 - 2015-06-22 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-06-22 16:47 - 2015-06-22 16:47 - 00000000 ____D C:\Program Files\WinZip
2015-06-21 12:15 - 2015-06-21 12:15 - 00001156 _____ C:\Users\Jimmy\Downloads\Jimmy (1).PDF - Shortcut.lnk
2015-06-09 17:22 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-09 17:22 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-09 17:22 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-09 17:22 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-09 17:22 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-09 17:22 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-09 17:22 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-09 17:22 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-09 17:22 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-09 17:22 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-09 17:22 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-09 17:22 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-09 17:22 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-09 17:22 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-09 17:22 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-09 17:22 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-09 17:22 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-09 17:22 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-09 17:22 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-09 17:22 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-09 17:22 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-09 17:22 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-09 17:22 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-09 17:22 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-09 17:22 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-09 17:22 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-09 17:22 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-09 17:22 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-09 17:22 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-09 17:22 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-09 17:22 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-09 17:22 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-09 17:22 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-09 17:22 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-09 17:22 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-09 17:22 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-09 17:22 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-09 17:22 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-09 17:22 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-09 17:22 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-09 17:22 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-09 17:22 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-09 17:22 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-09 17:22 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-09 17:22 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-09 17:22 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-09 17:22 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-09 17:22 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-09 17:22 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-09 17:22 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-09 17:22 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-09 17:22 - 2015-04-08 17:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-09 17:22 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-09 17:22 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-09 17:22 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-09 17:22 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-09 17:22 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-09 17:22 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-09 17:22 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-09 17:22 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-09 17:22 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-09 17:22 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-09 17:22 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:22 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-09 17:22 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-09 17:22 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-09 17:22 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-09 17:22 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-09 17:22 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-09 17:22 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-09 17:22 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-09 17:22 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-09 17:22 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-04 18:41 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-04 18:41 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-04 18:41 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-01 20:07 - 2015-06-01 20:07 - 00030497 _____ C:\Users\Jimmy\Downloads\_10 WF funding- June 2015.xlsx
2015-06-01 08:56 - 2015-06-01 08:56 - 00000000 ____D C:\Users\Jimmy\AppData\Local\GWX
2015-05-27 12:57 - 2015-05-27 12:57 - 00003546 _____ C:\windows\System32\Tasks\HP AR Program Upload - fd404fd220644d2ca52a4d51ff65ae94851e567ea7b8459298ab3d05d8a3cfbf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 15:48 - 2015-01-20 22:48 - 00000304 _____ C:\windows\Tasks\WSE_Vosteran.job
2015-06-23 15:47 - 2014-01-28 09:08 - 00004962 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JIMMY-Jimmy Jimmy
2015-06-23 15:44 - 2015-04-22 13:07 - 01308202 _____ C:\windows\WindowsUpdate.log
2015-06-23 15:42 - 2014-12-23 12:21 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 15:37 - 2014-01-25 13:29 - 00000000 ___DO C:\Users\Jimmy\SkyDrive
2015-06-23 15:35 - 2014-01-25 14:34 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{84580C3A-48EE-49B0-9DFB-4B13DDD60DEF}
2015-06-23 15:27 - 2015-05-20 18:29 - 00003426 _____ C:\windows\System32\Tasks\Woamivsneule
2015-06-23 15:22 - 2014-12-22 15:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-23 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\sru
2015-06-23 11:27 - 2013-08-24 16:38 - 00891920 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-23 11:22 - 2015-04-23 18:58 - 00018058 _____ C:\windows\setupact.log
2015-06-23 11:22 - 2014-12-23 12:21 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 11:22 - 2013-08-22 09:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-23 11:04 - 2014-01-25 13:25 - 00000000 ____D C:\Users\Jimmy
2015-06-23 08:57 - 2013-08-22 08:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-06-22 20:42 - 2013-08-22 08:25 - 00524288 ___SH C:\windows\system32\config\BBI
2015-06-22 17:22 - 2014-01-25 13:33 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3248614269-2365583644-2367617342-1001
2015-06-22 16:48 - 2015-05-09 17:15 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForJimmy.job
2015-06-22 15:43 - 2014-12-23 12:21 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 14:50 - 2015-03-28 16:51 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Windows Live
2015-06-21 19:08 - 2014-01-26 20:03 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-06-21 12:19 - 2014-01-25 13:27 - 00000000 ____D C:\Users\Jimmy\AppData\Local\Packages
2015-06-21 03:48 - 2013-08-22 10:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-12 02:37 - 2013-08-22 10:36 - 00000000 ____D C:\windows\rescache
2015-06-10 21:06 - 2013-08-22 10:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-10 19:23 - 2014-11-15 17:05 - 00000000 __SHD C:\Users\Jimmy\AppData\Local\EmieBrowserModeList
2015-06-10 19:23 - 2014-05-03 13:37 - 00000000 __SHD C:\Users\Jimmy\AppData\Local\EmieUserList
2015-06-10 19:23 - 2014-05-03 13:37 - 00000000 __SHD C:\Users\Jimmy\AppData\Local\EmieSiteList
2015-06-10 19:20 - 2013-08-22 09:44 - 00494928 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-10 19:18 - 2013-08-22 10:36 - 00000000 ___RD C:\windows\ToastData
2015-06-10 19:18 - 2013-08-22 10:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-09 22:15 - 2014-01-29 04:38 - 00000000 ____D C:\windows\system32\MRT
2015-06-09 22:15 - 2013-08-22 10:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-09 22:13 - 2014-01-29 04:38 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-07 19:41 - 2013-12-12 01:55 - 00000000 ____D C:\windows\Hewlett-Packard
2015-06-07 19:41 - 2013-09-02 23:57 - 00000000 ____D C:\SWSETUP
2015-06-05 02:43 - 2014-12-13 10:35 - 00000000 ____D C:\windows\system32\appraiser
2015-06-05 02:43 - 2014-07-11 13:07 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-03 11:18 - 2014-09-14 05:46 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 11:18 - 2014-09-14 05:46 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-01-25 15:23 - 2014-01-25 15:23 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\Jimmy\AppData\Local\Temp\Extract.exe
C:\Users\Jimmy\AppData\Local\Temp\ICReinstall_SamsungKiesSetup.exe
C:\Users\Jimmy\AppData\Local\Temp\SP71319.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-20 03:13
==================== End of log ============================