
Slow Computer... MalwareBytes can't scan.

Discussion in 'Virus & Other Malware Removal' started by Android, Jul 28, 2015.

Thread Status:
Not open for further replies.
  1. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    My five + year old laptop is slow enough as it is. I needed a WAV to MP3 converter, downloaded & installed one off of an unknown website, and along came a lot of other baggage attached. Some strange "Geek" online chat with computer "experts" with the program notifying me of malware, etc. I should have known better.

    Anyway, MalwareBytes can't scan (JPG attached), it stays at a very early scan state at 19+ hours, whereas just a week before it would completely scan within an hour. Also my laptop slows to a crawl at times, stops for minutes at times. Please help.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) Processor 2650e, x64 Family 15 Model 127 Stepping 2
    Processor Count: 1
    RAM: 2813 Mb
    Graphics Card: ATI Radeon X1200, 256 Mb
    Hard Drives: C: Total - 71191 MB, Free - 5242 MB; D: Total - 71188 MB, Free - 5314 MB;
    Motherboard: Acer, Nile
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     


  2. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
  3. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Please Help.
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    Hi Android,
    ---------------------------------------------
    You have insufficient free space on the C: drive for Vista to run properly.
    You need about 10Gb free.
    I would offload anything you can to other media, like DVD, flash, external drive, etc.
    Videos, photos, and music all take a lot of space.
    I would remove any .wav files for which you still have the music CDs. They can be recreated later.
    If you Uninstall any programs, please let me know, so I can keep track of what's on there.
    You don't need to keep trying to scan with MBAM. We will take care of that in due time.
    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Right click the TFC icon and choose Run as administrator.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST and save to your Desktop.
    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST.exe
    Feel free to use separate replies if it's more convenient.

    So we are looking for the two logs from FRST.
    askey127
     
  5. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Well I cleared about 10 GB off of the C drive, and TFC found about 2 GB more in temporary files that I guess was also deleted. Here are the posts from the FRST logs...

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
    Ran by Andrew Maul (administrator) on ANDREWMAUL-PC (31-07-2015 17:23:52)
    Running from C:\Users\Andrew Maul\Downloads
    Loaded Profiles: Andrew Maul (Available Profiles: Andrew Maul)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
    (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\ACER\Mobility Center\MobilityService.exe
    (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-02] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-21] (Synaptics, Inc.)
    HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [846344 2008-07-22] (Dritek System Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2008-12-04] (Google)
    HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-26] ()
    HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-19] (RealNetworks, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-07-15] (Google Inc.)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [Google Update] => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-06] (Google Inc.)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-12-04] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk [2012-08-25]
    ShortcutTarget: Auto run of VideoCam Suite 1.0.lnk -> C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Upgrade Assistant.lnk [2015-05-22]
    ShortcutTarget: Verizon Wireless Software Upgrade Assistant.lnk -> C:\Users\Andrew Maul\AppData\Roaming\Verizon\SUA\VZWSUAM.exe (Samsung Electronics Co. Ltd.)
    Startup: C:\Users\Andrew Maul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-03-27]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicyUsers\S-1-5-21-2636645638-1367612892-662724275-1001\User: Group Policy Restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Andrew Maul\AppData\Roaming\Mozilla\Firefox\Profiles\ygpohe3x.default-1428510776651
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Yahoo!
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-19] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-19] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=1.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andrew Maul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @talk.google.com/O1DPlugin -> C:\Users\Andrew Maul\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-19] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-19] (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Maul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Maul\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2013-08-30]
    FF Extension: Yahoo! Toolbar - C:\Users\Andrew Maul\AppData\Roaming\Mozilla\Firefox\Profiles\ygpohe3x.default-1428510776651\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-04-10]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-07-07]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-07-07]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-19]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR Profile: C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (YouTube) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Google Sheets) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (RealDownloader) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-04-06]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-06]
    CHR Extension: (Gmail) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
    R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
    R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
    S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2008-12-04] (Google) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
    R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-26] (NewTech InfoSystems, Inc.) [File not signed]
    R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-26] () [File not signed]
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 Rsupport RemoteCall Session Manager; C:\Users\Public\Documents\RSupport\rcc50\rcsemgru.exe [391024 2013-02-28] (Rsupport Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
    S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [129552 2008-08-06] (AMD Technologies Inc.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-22] (AVG Technologies)
    R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
    R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S3 LaCieFWFilter; C:\Windows\System32\DRIVERS\LaCieFWFilter.sys [14848 2005-10-18] (LaCie Group S.A.) [File not signed]
    R3 LaCieUSBFilter; C:\Windows\System32\DRIVERS\LaCieUSBFilter.sys [15872 2005-10-19] (LaCie Group) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
    R1 MpKsle0747061; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCD5918A-B1BE-4E1A-823E-8764EB3B4430}\MpKsle0747061.sys [39168 2015-07-31] (Microsoft Corporation)
    S3 rssasnt; C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [12656 2012-10-11] (Rsupport Co.,Ltd)
    S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
    R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [11296 2014-09-01] (Rsupport Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\ANDREW~1\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-31 17:23 - 2015-07-31 17:24 - 00022387 _____ C:\Users\Andrew Maul\Downloads\FRST.txt
    2015-07-31 17:23 - 2015-07-31 17:23 - 00000000 ____D C:\FRST
    2015-07-31 17:22 - 2015-07-31 17:22 - 01673216 _____ (Farbar) C:\Users\Andrew Maul\Downloads\FRST.exe
    2015-07-31 11:28 - 2015-07-31 11:28 - 00448512 _____ (OldTimer Tools) C:\Users\Andrew Maul\Downloads\TFC.exe
    2015-07-31 10:46 - 2015-07-31 10:46 - 00000036 _____ C:\Users\Andrew Maul\AppData\Local\housecall.guid.cache
    2015-07-31 10:45 - 2015-07-31 10:45 - 02073512 _____ (Trend Micro Inc.) C:\Users\Andrew Maul\Downloads\HousecallLauncher.exe
    2015-07-28 07:04 - 2015-07-28 07:04 - 00509440 _____ (Tech Support Guy System) C:\Users\Andrew Maul\Downloads\SysInfo.exe
    2015-07-27 08:36 - 2015-07-27 08:37 - 00281468 _____ C:\Users\Andrew Maul\Documents\Fabulous Hell.odp
    2015-07-24 20:47 - 2015-07-24 20:44 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-07-24 20:45 - 2015-07-24 20:45 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-07-24 20:43 - 2015-07-24 20:43 - 00000000 ____D C:\ProgramData\Oracle
    2015-07-24 19:29 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-24 19:29 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-24 19:29 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-24 19:28 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-24 19:27 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-24 19:27 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-24 19:27 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-24 19:05 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-24 19:04 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-24 19:04 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-24 19:04 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-24 19:04 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-24 19:04 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-24 19:04 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-24 19:04 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-24 19:04 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-23 11:08 - 2015-07-23 12:33 - 00016441 _____ C:\Users\Andrew Maul\Documents\2012 Msgs AC.kristal
    2015-07-19 01:01 - 2015-07-21 11:44 - 00000643 _____ C:\Users\Andrew Maul\Desktop\Good Late Proof Coins.txt
    2015-07-15 19:34 - 2015-07-18 00:34 - 00000107 _____ C:\Users\Andrew Maul\AppData\Roaming\WB.CFG
    2015-07-15 18:52 - 2015-07-15 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV To MP3 Converter
    2015-07-15 18:52 - 2015-07-15 18:52 - 00000000 ____D C:\Program Files\WAVToMP3Converter
    2015-07-15 18:50 - 2015-07-15 18:50 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Shortcut
    2015-07-15 18:49 - 2015-07-15 18:49 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Opera Software
    2015-07-15 18:49 - 2015-07-15 18:49 - 00000000 ____D C:\Users\Andrew Maul\AppData\Local\Opera Software
    2015-07-15 18:40 - 2015-07-24 20:10 - 00000000 ____D C:\Program Files\Opera
    2015-07-15 18:34 - 2015-07-31 16:34 - 00000346 _____ C:\Windows\Tasks\UpdateTask.job
    2015-07-15 18:33 - 2015-07-18 17:06 - 00002002 _____ C:\Users\Andrew Maul\Desktop\Chromium.lnk
    2015-07-15 18:32 - 2015-07-15 18:33 - 00000000 ____D C:\Users\Andrew Maul\AppData\Local\Chromium
    2015-07-15 18:32 - 2015-07-15 18:32 - 00000000 ____D C:\ProgramData\COMODO
    2015-07-15 18:32 - 2015-07-15 18:32 - 00000000 ____D C:\Program Files\COMODO
    2015-07-15 18:20 - 2015-07-15 18:20 - 00772740 _____ ( ) C:\Users\Andrew Maul\Downloads\wavtomp3_setup [1].exe
    2015-07-15 17:50 - 2015-07-15 18:52 - 00000000 ____D C:\Program Files\globalUpdate
    2015-07-15 17:50 - 2015-07-15 17:50 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-07-15 17:50 - 2015-07-15 17:50 - 00000000 ____D C:\Users\Andrew Maul\AppData\Local\globalUpdate
    2015-07-15 17:35 - 2015-07-15 17:35 - 03052773 _____ C:\Windows\system32\Caroline 2015.07.14
    2015-07-15 17:07 - 2015-07-23 11:33 - 00000000 ____D C:\Users\Andrew Maul\Documents\Media
    2015-07-15 03:41 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-15 03:41 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-15 03:40 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-15 03:40 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-15 03:40 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-15 03:40 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-15 03:40 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-15 03:40 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-07-15 03:40 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-07-13 20:53 - 2015-07-13 20:55 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Adobe Acrobat X
    2015-07-09 14:20 - 2015-07-09 14:20 - 00000378 _____ C:\Users\Andrew Maul\Desktop\Desktop old - Shortcut.lnk
    2015-07-09 11:03 - 2015-07-23 11:07 - 00017558 _____ C:\Users\Andrew Maul\Documents\20150709 Home Answerer.kristal
    2015-07-07 16:22 - 2015-07-08 17:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-07-07 12:29 - 2015-07-07 12:29 - 00218129 _____ C:\Users\Andrew Maul\Downloads\h2testw_1.4.zip
    2015-07-07 12:05 - 2015-07-07 12:33 - 00000000 ____D C:\Users\Andrew Maul\Downloads\Check microSD chips
    2015-07-07 12:04 - 2015-07-07 12:04 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Template
    2015-07-07 12:04 - 2015-07-07 12:04 - 00000000 _____ C:\Users\Andrew Maul\AppData\Roaming\wklnhst.dat
    2015-07-07 11:58 - 2015-07-07 11:58 - 01062749 _____ (Igor Pavlov) C:\Users\Andrew Maul\Downloads\7z1505.exe
    2015-07-07 11:58 - 2015-07-07 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-07-07 11:58 - 2015-07-07 11:58 - 00000000 ____D C:\Program Files\7-Zip
    2015-07-07 03:37 - 2015-07-07 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
    2015-07-07 03:37 - 2015-07-07 03:37 - 00000000 ____D C:\Program Files\HD Tune Pro
    2015-07-07 03:35 - 2015-07-07 03:35 - 02239373 _____ (EFD Software ) C:\Users\Andrew Maul\Downloads\hdtunepro_560_trial.exe
    2015-07-06 12:31 - 2015-07-06 12:32 - 00372361 _____ C:\Users\Andrew Maul\Downloads\Attachments_201576.zip
    2015-07-04 11:57 - 2015-07-04 11:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2015-07-04 11:51 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-02 13:10 - 2015-07-02 13:10 - 00009651 _____ C:\Users\Andrew Maul\Documents\Trib Obit 100 character max.odt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-31 17:23 - 2011-12-03 17:26 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-31 17:21 - 2012-04-06 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-31 17:04 - 2009-07-16 08:09 - 01601006 _____ C:\Windows\WindowsUpdate.log
    2015-07-31 16:22 - 2006-11-02 08:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-31 16:22 - 2006-11-02 08:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-31 11:16 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-31 10:31 - 2015-05-22 19:36 - 00000000 ____D C:\Users\Public\Documents\Verizon_WPP
    2015-07-31 10:26 - 2011-12-03 17:26 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-31 10:23 - 2009-07-15 12:24 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
    2015-07-31 10:22 - 2008-12-04 09:11 - 00000147 _____ C:\Windows\system32\agent.log
    2015-07-31 10:22 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-31 10:21 - 2008-01-20 23:02 - 00184944 _____ C:\Windows\PFRO.log
    2015-07-31 10:20 - 2006-11-02 08:58 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-29 15:00 - 2015-01-02 15:54 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\PrimoPDF
    2015-07-25 23:10 - 2015-04-20 12:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-24 20:49 - 2014-09-08 14:28 - 00000000 ____D C:\Program Files\Java
    2015-07-24 19:34 - 2006-11-02 08:44 - 00321632 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-24 19:08 - 2013-08-14 13:04 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-24 19:07 - 2008-12-04 08:42 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-23 12:40 - 2009-07-27 22:33 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\vlc
    2015-07-23 12:33 - 2015-03-17 09:37 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\dvdcss
    2015-07-23 07:50 - 2015-05-22 23:23 - 00000000 ____D C:\Users\Andrew Maul\Desktop\New Folder (2)
    2015-07-21 12:22 - 2015-06-05 13:44 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Medicaid
    2015-07-18 12:51 - 2015-03-03 03:13 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Rainmaker Software Group LLC.&#8203;
    2015-07-18 12:51 - 2013-12-15 01:31 - 00000000 ____D C:\ProgramData\APN
    2015-07-16 04:25 - 2012-04-06 16:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-07-16 04:25 - 2012-03-13 12:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-07-16 00:18 - 2015-06-06 10:08 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000UA.job
    2015-07-16 00:18 - 2015-06-06 10:08 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000Core.job
    2015-07-09 11:02 - 2015-05-30 14:32 - 00000000 ____D C:\Users\Andrew Maul\Documents\KRISTAL Media Files
    2015-07-08 17:37 - 2014-08-03 01:10 - 00001423 _____ C:\Windows\wininit.ini
    2015-07-08 17:37 - 2012-08-26 02:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-07-07 09:37 - 2006-11-02 08:49 - 00043252 _____ C:\Windows\setupact.log
    2015-07-06 17:57 - 2015-01-16 09:54 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Desktop files
    2015-07-04 12:03 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-07-03 09:29 - 2009-07-27 22:45 - 00029184 _____ C:\Users\Andrew Maul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-07-01 08:08 - 2015-06-29 15:07 - 00021143 _____ C:\Users\Andrew Maul\Documents\Penny Rolls bshiftmama.ods

    ==================== Files in the root of some directories =======

    2013-08-21 15:32 - 2013-08-30 10:17 - 0003725 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    2015-07-15 19:34 - 2015-07-18 00:34 - 0000107 _____ () C:\Users\Andrew Maul\AppData\Roaming\WB.CFG
    2015-07-07 12:04 - 2015-07-07 12:04 - 0000000 _____ () C:\Users\Andrew Maul\AppData\Roaming\wklnhst.dat
    2012-03-11 11:54 - 2015-05-01 03:26 - 0000680 _____ () C:\Users\Andrew Maul\AppData\Local\d3d9caps.dat
    2009-07-27 22:45 - 2015-07-03 09:29 - 0029184 _____ () C:\Users\Andrew Maul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-31 10:46 - 2015-07-31 10:46 - 0000036 _____ () C:\Users\Andrew Maul\AppData\Local\housecall.guid.cache

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-31 10:29

    ==================== End of log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-07-2015
    Ran by Andrew Maul (2015-07-31 17:24:54)
    Running from C:\Users\Andrew Maul\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2636645638-1367612892-662724275-500 - Administrator - Disabled)
    Andrew Maul (S-1-5-21-2636645638-1367612892-662724275-1000 - Administrator - Enabled) => C:\Users\Andrew Maul
    Guest (S-1-5-21-2636645638-1367612892-662724275-501 - Limited - Disabled)
    Guest of Andy (S-1-5-21-2636645638-1367612892-662724275-1001 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.05 beta (HKLM\...\7-Zip) (Version: - )
    Acer Assist (HKLM\...\Acer Assist) (Version: - Acer Incorporated)
    Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated)
    Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
    Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
    Acer Registration (HKLM\...\Acer Registration) (Version: - Acer - Leader Technologies)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader Free Download Packages (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Adobe Reader Free Download Packages) (Version: - ) <==== ATTENTION
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Agatha Christie Peril at End House (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}) (Version: - Oberon Media)
    Alice Greenfingers (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
    Alien Shooter (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}) (Version: - Oberon Media)
    ATI Catalyst Install Manager (HKLM\...\{67A8747E-0517-75EF-244F-9E219C440107}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
    AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 15.5.0.2 - AVG Technologies)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )
    Bookworm Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}) (Version: - Oberon Media)
    C:\Program Files\Acer GameZone\GameConsole (HKLM\...\{71C2828F-2678-4675-BDEC-895424861262}_is1) (Version: 2.0.1.4 - Oberon Media, Inc.)
    Cake Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
    ccc-core-static (Version: 2008.0703.2236.38526 - ATI) Hidden
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
    Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
    Chromium (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Chromium) (Version: 45.0.2442.0 - Chromium)
    Chromium (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\UpdateTask) (Version: - Chromium)
    Conquest 4.0 (HKLM\...\Conquest_is1) (Version: - Sean O'Connor's Windows Games)
    Dream Day First Home (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
    DVD Rebuilder (HKLM\...\{0186F98B-19A2-4791-8ECA-BD7870FD0C65}_is1) (Version: Free v0.98.2 - jdobbs softworks and rockas association)
    DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
    DVD43 Plug-in v1.0.0.6 (HKLM\...\DVD43 Plug-in_is1) (Version: - )
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    Express Burn Disc Burning Software (HKLM\...\ExpressBurn) (Version: 4.77 - NCH Software)
    ffdshow v1.1.3572 [2010-09-13] (HKLM\...\ffdshow_is1) (Version: 1.1.3572.0 - )
    Free WAV To MP3 Converter version 1.0.0.1 (HKLM\...\{5C4D1900-FE1A-4c9c-B91C-B034F56D23D7}_is1) (Version: 1.0.0.1 - )
    Galapago (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
    Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}) (Version: 2.5.5 - Garmin Ltd or its subsidiaries)
    Go-Go Gourmet (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}) (Version: - Oberon Media)
    Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.7.0808.07150 - Google)
    Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
    HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
    HD Tune Pro 5.60 (HKLM\...\HD Tune Pro_is1) (Version: - EFD Software)
    Heroes of Hellas (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java(TM) 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
    KRISTAL Audio Engine (HKLM\...\KRISTAL Audio Engine) (Version: - )
    LaCie Device Updater (HKLM\...\LaCie Device Updater) (Version: - )
    Launch Manager (HKLM\...\LManager) (Version: - )
    LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    Magic Farm (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}) (Version: - Oberon Media)
    Magic Match Adventures (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}) (Version: - Oberon Media)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery Solitaire - Secret Island (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}) (Version: - Oberon Media)
    Mythic Mahjong (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}) (Version: - Oberon Media)
    NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
    NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
    NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
    OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    OpenOffice Calc Free Download Packages (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\OpenOffice Calc Free Download Packages) (Version: - ) <==== ATTENTION
    Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.0.1 - Convesoft)
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    Putt Mania (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112028410}) (Version: - Oberon Media)
    RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Skins (Version: 2008.0703.2236.38526 - ATI) Hidden
    Sothink Movie DVD Maker (HKLM\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.8 - SourceTec Software Co., LTD)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.2.0 - Synaptics)
    The Rise of Atlantis (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}) (Version: - Oberon Media)
    Tiks Texas Hold em (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}) (Version: - Oberon Media)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Verizon Wireless Software Upgrade Assistant - Samsung (HKLM\...\{515E3495-61EC-477C-A089-D73BB51E1BEF}) (Version: 1.14.1109 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
    VideoCam Suite (Version: 1.00.821 - Panasonic) Hidden
    VideoCam Suite 1.0 (HKLM\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 1.00.822.0009 - Panasonic Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    wavtomp3_setup (Version: 1.0.0.0 - wavtomp3_setup) Hidden
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Live ID Sign-in Assistant (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Chromium\Application\45.0.2442.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2636645638-1367612892-662724275-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)

    ==================== Restore Points =========================

    30-07-2015 09:06:09 Scheduled Checkpoint
    31-07-2015 14:08:41 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 06:23 - 2013-09-02 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0E18246F-04A3-4084-A213-F87DF4C2A10C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000Core => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
    Task: {46F5029B-8573-4B97-B574-C3CA77D31C91} - \ProPCCleaner_Start No Task File <==== ATTENTION
    Task: {48DD53EE-F79D-48B0-99D5-FAC5A2B74A66} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2636645638-1367612892-662724275-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {4A04DD38-C9C4-496A-8EF1-F826E8556E0A} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe
    Task: {4C5C7517-6A60-427C-91D8-38291C0D0B5D} - System32\Tasks\UpdateTask => C:\Users\Andrew Maul\AppData\Local\Chromium\Application\45.0.2442.0\Installer\uninstall.exe [2015-07-15] ()
    Task: {6A7A16E3-CC73-4636-89B3-760743C0284C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
    Task: {8ACFCB7F-0497-4882-9781-3F4923012DF9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2636645638-1367612892-662724275-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8EB27440-FE12-4348-A61F-CB571B4AFDAE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2636645638-1367612892-662724275-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {93DEF824-80D9-4BC4-B4D1-0915977CE422} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: {9BBE51EC-F5E8-4DA5-B07E-90DD6A453473} - System32\Tasks\Acer\Acer Assist\New Message Check - Andrew Maul => C:\Program Files\Acer\Acer Assist\AcerAssist.exe [2007-11-19] (Acer Incorporated)
    Task: {A83A49B6-13DE-4B0B-BEFB-78536B821FFA} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2636645638-1367612892-662724275-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {AEE6DBFE-AB58-463D-8A7A-0050497069C0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000UA => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-06] (Google Inc.)
    Task: {B2E67D04-4CF7-4508-A45D-ED3740B19F73} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {BA8707DE-14D4-4A46-9EE5-B2C06916F2E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
    Task: {BD904037-832F-493C-B071-95131E166FA5} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe
    Task: {CFCBEBFD-9FF9-48D2-9EF8-EAB4E893A9AE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {DCF40269-2A4C-4F06-8ED5-A1AFA1A4E448} - \ProPCCleaner_Popup No Task File <==== ATTENTION
    Task: {FFBADE7C-4FE5-4088-AEBE-E3FBFFB38581} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2636645638-1367612892-662724275-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000Core.job => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000UA.job => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\ANDREW~1\AppData\Local\Chromium\APPLIC~1\450244~1.0\INSTAL~1\UNINST~1.EXE

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-02 15:47 - 2011-02-28 18:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
    2007-06-24 23:09 - 2007-06-24 23:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
    2007-06-24 23:09 - 2007-06-24 23:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
    2007-06-24 23:09 - 2007-06-24 23:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
    2009-07-15 12:23 - 2008-11-28 10:56 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    2009-07-15 12:23 - 2009-07-15 12:23 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3013.0__14bcaafdb44b5951\Framework.Model.Controller.dll
    2009-07-15 12:23 - 2009-07-15 12:23 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
    2009-07-15 12:23 - 2009-07-15 12:23 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
    2009-07-15 12:23 - 2009-07-15 12:23 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3013.0__672b450de5a7e94a\Framework.Host.dll
    2009-07-15 12:23 - 2009-07-15 12:23 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3013.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
    2009-07-15 12:23 - 2009-07-15 12:23 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
    2008-12-04 09:14 - 2007-12-06 20:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
    2008-12-04 09:14 - 2007-11-27 19:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
    2008-04-26 01:36 - 2008-04-26 01:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2008-12-04 07:05 - 2008-07-03 23:37 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^Andrew Maul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk => C:\Windows\pss\Orion.lnk.Startup
    MSCONFIG\startupreg: Acer Product Registration => "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [{D64DAAC3-3615-46D7-9676-E10679B9500C}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{5A6A4999-D213-474E-9218-2C40DB4A4009}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    FirewallRules: [{259F1611-C159-42C3-AFAF-5539853B7035}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    FirewallRules: [{658F8628-5F50-4AEA-BD76-F97E35AA0099}] => (Allow) LPort=80
    FirewallRules: [{4F5298D5-26AE-487D-9B47-08D5B4FCEFD2}] => (Allow) LPort=80
    FirewallRules: [{4A1C94E4-8BD7-4D33-93F3-2DD92FC46E57}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{9E6B64E8-E924-48A0-9CCA-8ED7C520B41C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{6F67E4ED-B543-45E9-BEA6-C3125C312542}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
    FirewallRules: [{91F72C82-E8BF-4C1D-8266-762A599D2041}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{D676A455-20EA-4E33-8878-FFE2CF3EACC5}C:\users\public\documents\rsupport\rcc50\rcengmgru.exe] => (Allow) C:\users\public\documents\rsupport\rcc50\rcengmgru.exe
    FirewallRules: [UDP Query User{5E53BEFE-0B3F-4A23-9E23-57A87A843EF5}C:\users\public\documents\rsupport\rcc50\rcengmgru.exe] => (Allow) C:\users\public\documents\rsupport\rcc50\rcengmgru.exe
    FirewallRules: [TCP Query User{7C0385E9-1C28-4141-A1F3-9E161F017DA9}C:\users\public\documents\rsupport\rcc50\rcsemgru.exe] => (Allow) C:\users\public\documents\rsupport\rcc50\rcsemgru.exe
    FirewallRules: [UDP Query User{85B54811-CEB4-48ED-93DC-204DC0BD1491}C:\users\public\documents\rsupport\rcc50\rcsemgru.exe] => (Allow) C:\users\public\documents\rsupport\rcc50\rcsemgru.exe
    FirewallRules: [{46B361F7-E883-4AE7-9BB2-A199DC101A4A}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsy74BC.tmp\CnetInstaller-10127664.exe
    FirewallRules: [{378EC043-384C-4593-8A87-AC2DD09A2EE4}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsy74BC.tmp\CnetInstaller-10127664.exe
    FirewallRules: [{D9F2399C-754C-4F29-9489-9B38415ABE79}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{CDE3FFB6-D475-4D36-B811-B0D4450020DF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{6C4C8CB5-3610-452F-A9DD-755E13BEE3DE}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsv49ED.tmp\CnetInstaller-76172022.exe
    FirewallRules: [{D552ED92-5571-4081-BA78-7C80494EAF00}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsv49ED.tmp\CnetInstaller-76172022.exe
    FirewallRules: [{7D3A241C-C70E-457E-87C4-A149E1DE67FC}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsgF9B0.tmp\CnetInstaller-10669082.exe
    FirewallRules: [{4206A8B4-9139-471F-80BD-2DEBE03EA3FC}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsgF9B0.tmp\CnetInstaller-10669082.exe
    FirewallRules: [{204CC6B8-C5D1-4B9F-A6C2-027E6A073A5C}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsz3831.tmp\Installer-10060500.exe
    FirewallRules: [{5D7C4B69-6536-4BF8-81CE-E057D507BB04}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsz3831.tmp\Installer-10060500.exe
    FirewallRules: [{6E559612-96E3-402A-BAC8-743CB7825BFE}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsbA8FD.tmp\Installer-10060500.exe
    FirewallRules: [{7AD8CFE3-5857-4A11-A150-6D14E40795A4}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsbA8FD.tmp\Installer-10060500.exe
    FirewallRules: [{1846B57E-155A-45FC-96B1-CC695B413F77}] => (Allow) C:\Users\Andrew Maul\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{EDFD19EF-92B4-4E05-B5DB-688C9C6543DC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/31/2015 01:45:03 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/31/2015 01:45:03 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/31/2015 11:05:44 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\ANDREW MAUL\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YGPOHE3X.DEFAULT-1428510776651\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (07/31/2015 10:44:25 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/31/2015 10:44:25 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/31/2015 10:23:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (07/29/2015 02:45:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, time stamp 0x55934d06, faulting module mozalloc.dll, version 39.0.0.5659, time stamp 0x55933a83, exception code 0x80000003, fault offset 0x00001aa1,
    process id 0x1160, application start time 0xplugin-container.exe0.

    Error: (07/28/2015 11:21:46 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, time stamp 0x55934d06, faulting module mozalloc.dll, version 39.0.0.5659, time stamp 0x55933a83, exception code 0x80000003, fault offset 0x00001aa1,
    process id 0xafc, application start time 0xplugin-container.exe0.

    Error: (07/27/2015 09:53:56 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 39.0.0.5659, time stamp 0x55934d06, faulting module mozalloc.dll, version 39.0.0.5659, time stamp 0x55933a83, exception code 0x80000003, fault offset 0x00001aa1,
    process id 0x145c, application start time 0xplugin-container.exe0.

    Error: (07/24/2015 07:51:08 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (07/31/2015 10:42:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: ScRegSetValueExWFailureCommand%%5

    Error: (07/31/2015 10:32:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: ScRegSetValueExWStart%%5

    Error: (07/31/2015 10:23:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: vToolbarUpdater15.5.0%%2

    Error: (07/31/2015 10:23:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (07/29/2015 01:14:56 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {290DF7B4-08B5-4A7D-89A8-FB831BD8E99D}

    Error: (07/25/2015 07:45:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: ScRegSetValueExWFailureCommand%%5

    Error: (07/25/2015 07:45:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: ScRegSetValueExWStart%%5

    Error: (07/24/2015 07:57:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: ScRegSetValueExWFailureCommand%%5

    Error: (07/24/2015 07:51:54 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%839

    Error: (07/24/2015 07:51:00 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%838


    Microsoft Office:
    =========================

    CodeIntegrity:
    ===================================
    Date: 2015-07-18 11:47:09.291
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:08.620
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:07.887
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:07.138
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:06.467
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:05.750
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:04.439
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:03.706
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:02.973
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-07-18 11:47:02.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) Processor 2650e
    Percentage of memory in use: 59%
    Total physical RAM: 2813.25 MB
    Available physical RAM: 1137.95 MB
    Total Virtual: 5867.06 MB
    Available Virtual: 4270.81 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:69.52 GB) (Free:18.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:5.19 GB) NTFS
    Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:3714.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 9703220A)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
    Partition 2: (Active) - (Size=69.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ==================== End of log ============================
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    Android,
    in my opinion, you should not allow ANY Java on this system.
    The last Java tested with XP was Java 7.
    (This does not relate to JavaScript, contained in all browsers).
    -----------------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
    Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

    AVG SafeGuard toolbar
    ffdshow v1.1.3572
    Express Burn Disc Burning Software
    Java(TM) 6 Update 45
    Java 8 Update 51
    Orion

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)
    In your case, you will need to have it in your Downloads folder, same as FRST.exe
    Run FRST and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    We can replace any functions missing after the Uninstalls.
    Let me know how it goes.
    askey127
     

    Last edited: Jul 31, 2015
  7. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    On Java, I don't have XP but Vista. You recommend removing all Java? BTW, in Vista, in Control Panel it's called "Programs and Features", not Add/Remove Programs. Is Express Burn Disc Burning Software bad? I'm not sure what those other programs are.
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    Sorry, that was my fault.
    You can keep Java8 Update 51, but the older Java has to go.
    You may want to read these before you decide whether to keep any Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/
    http://www.itworld.com/article/2940...-make-yahoo-your-default-search-provider.html

    Express Burn is an ad generator. We can replace it with a different app if you wish.
    ExpressBurn is one of these: http://www.makeuseof.com/tag/whats-problem-nch-software-remove/

    All the other programs I listed need to be uninstalled, using "Programs and Features".

    Once that's done, please proceed with the rest of the instruction.
     
    Last edited: Aug 1, 2015
  9. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Ok, you convinced me to get rid of Java, but is there anything that uses Java that I will miss?

    RED ALERT -- AVG SafeGuard toolbar will not allow itself to be removed in "Programs and Features".

    Also in one of the articles you linked, it said some bad stuff about the Ask Toolbar. Should I uninstall this as well? I don't think I ever used it. Actually I clicked on Ask Toolbar and there is no option for uninstall here, so maybe a red alert here as well?
     
    Last edited: Aug 1, 2015
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    The fact that you cannot uninstall those two toolbars tells you something about their ethics.
    The Ask toolbar is a notorious adware delivery system, along with the ability to hijack searches.
    The AVG toolbar is also related to Ask.com, and AVG gets paid for the "service".
    We will take care of removing those using FRST.

    I don't know for sure what programs you have that may use Java. There aren't many left that do.
    There may also be an occasional website that uses it, but again becoming few and far between.
    If you remove all Java, you will see what effect it has on your habits. It's easy to install again if you must have it.
    I don't have any Java on my machine.

    Please go ahead and finish up with any remaining Uninstalls that work, and then run the Fix with FRST.
    Also tell me if you use NTI backup or StrongVault Backup. If not, I will remove them.
    askey127
     
  11. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Ok I got rid of all the programs above, all Java, also NTI Backup and some other programs that just appeared to be games that came with the laptop but which I never used. The only things that could NOT go were AVG Safeguard Toolbar and Ask Toolbar. I didn't see StrongVault Backup anywhere and don't use it, so it should go as well. What about a program called Chromium, should that go too? I have Chrome installed, but use that rarely and Firefox most of the time.

    I want to do the FRST fix now, but was wondering if the fixlist.txt file needs to be different now or should I download and use your attached file above.
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    Chromium and Chrome are basically the same, except for a few technical differences.
    If you have Chrome, you don't need Chromium. Chromium works in Windows but is mostly used for Linux.

    Go ahead with the Fixlist as posted.

    We will end up doing another scan/ fix sequence anyway to pick up the leftover debris.
    Post that Fixlog.txt when you are done, so we can be sure most of it worked.
     
  13. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
    Ran by Andrew Maul (2015-08-03 02:44:50) Run:1
    Running from C:\Users\Andrew Maul\Downloads
    Loaded Profiles: Andrew Maul (Available Profiles: Andrew Maul)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    OpenOffice Calc Free Download Packages (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\OpenOffice Calc Free Download Packages) (Version: - ) <==== ATTENTION
    Task: {46F5029B-8573-4B97-B574-C3CA77D31C91} - \ProPCCleaner_Start No Task File <==== ATTENTION
    Task: {B2E67D04-4CF7-4508-A45D-ED3740B19F73} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {CFCBEBFD-9FF9-48D2-9EF8-EAB4E893A9AE} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {DCF40269-2A4C-4F06-8ED5-A1AFA1A4E448} - \ProPCCleaner_Popup No Task File <==== ATTENTION
    FirewallRules: [{46B361F7-E883-4AE7-9BB2-A199DC101A4A}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsy74BC.tmp\CnetInstaller-10127664.exe
    FirewallRules: [{378EC043-384C-4593-8A87-AC2DD09A2EE4}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsy74BC.tmp\CnetInstaller-10127664.exe
    FirewallRules: [{6C4C8CB5-3610-452F-A9DD-755E13BEE3DE}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsv49ED.tmp\CnetInstaller-76172022.exe
    FirewallRules: [{D552ED92-5571-4081-BA78-7C80494EAF00}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsv49ED.tmp\CnetInstaller-76172022.exe
    FirewallRules: [{7D3A241C-C70E-457E-87C4-A149E1DE67FC}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsgF9B0.tmp\CnetInstaller-10669082.exe
    FirewallRules: [{4206A8B4-9139-471F-80BD-2DEBE03EA3FC}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsgF9B0.tmp\CnetInstaller-10669082.exe
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    OpenOffice Calc Free Download Packages (HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\OpenOffice Calc Free Download Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46F5029B-8573-4B97-B574-C3CA77D31C91}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46F5029B-8573-4B97-B574-C3CA77D31C91}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2E67D04-4CF7-4508-A45D-ED3740B19F73}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E67D04-4CF7-4508-A45D-ED3740B19F73}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFCBEBFD-9FF9-48D2-9EF8-EAB4E893A9AE}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFCBEBFD-9FF9-48D2-9EF8-EAB4E893A9AE}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCF40269-2A4C-4F06-8ED5-A1AFA1A4E448}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF40269-2A4C-4F06-8ED5-A1AFA1A4E448}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46B361F7-E883-4AE7-9BB2-A199DC101A4A} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{378EC043-384C-4593-8A87-AC2DD09A2EE4} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C4C8CB5-3610-452F-A9DD-755E13BEE3DE} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D552ED92-5571-4081-BA78-7C80494EAF00} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D3A241C-C70E-457E-87C4-A149E1DE67FC} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4206A8B4-9139-471F-80BD-2DEBE03EA3FC} => value removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 516.3 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 02:47:04 ====
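
Apart from its directives and one installed-program entry, the fixlist in the post above is made of two kinds of lines copied verbatim from the scan log: tasks reported as "No Task File" and firewall Allow rules whose program sits under a Temp directory. The following is an added example (not part of the thread and not FRST code) that picks such lines out of an FRST log for review. The sample lines are taken from the logs in this thread; the function names and the Temp-path heuristic are assumptions of the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the FRST logs posted in this thread (not a full log).
SAMPLE_LOG = r"""
Task: {B2E67D04-4CF7-4508-A45D-ED3740B19F73} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BA8707DE-14D4-4A46-9EE5-B2C06916F2E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {DCF40269-2A4C-4F06-8ED5-A1AFA1A4E448} - \ProPCCleaner_Popup No Task File <==== ATTENTION
FirewallRules: [{658F8628-5F50-4AEA-BD76-F97E35AA0099}] => (Allow) LPort=80
FirewallRules: [{46B361F7-E883-4AE7-9BB2-A199DC101A4A}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsy74BC.tmp\CnetInstaller-10127664.exe
FirewallRules: [{D9F2399C-754C-4F29-9489-9B38415ABE79}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9E6B64E8-E924-48A0-9CCA-8ED7C520B41C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{204CC6B8-C5D1-4B9F-A6C2-027E6A073A5C}] => (Allow) C:\Users\ANDREW~1\AppData\Local\Temp\nsz3831.tmp\Installer-10060500.exe
"""

# "Task: {GUID} - <name> ..." as printed in the Scheduled Tasks section.
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "FirewallRules: [<rule id>] => (Allow|Block) <program or port>".
FW_RE = re.compile(r"^FirewallRules: \[(.+)\] => \((Allow|Block)\) (.+)$")
# Assumption of this example: a program path with a Temp/Tmp directory
# component is an installer leftover worth a second look.
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "orphaned-task" or "fw-allow-temp-exe"
    ident: str   # task GUID or firewall rule id
    detail: str  # task name or program path
    line: str    # the original log line, unchanged


def triage(log_text):
    """Return the log lines that match the two patterns seen in the fixlist."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            guid, rest = m.groups()
            # The registry entry exists but the task file behind it is gone.
            if "No Task File" in rest:
                name = rest.split(" No Task File", 1)[0]
                findings.append(Finding("orphaned-task", guid, name, line))
            continue
        m = FW_RE.match(line)
        if m:
            rule, action, target = m.groups()
            # Port-only rules (e.g. LPort=80) carry no path and are skipped.
            if action == "Allow" and TEMP_DIR_RE.search(target):
                findings.append(Finding("fw-allow-temp-exe", rule, target, line))
    return findings


def summarize(findings):
    """Count findings per kind."""
    return dict(Counter(f.kind for f in findings))


def review_lines(findings):
    """Original log lines, verbatim, for a human to review."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.ident}  {f.detail}")
```

On this sample the heuristic also flags the `Installer-10060500.exe` rule under Temp, which the posted fixlist did not include, so the output is a list to review rather than a list to remove.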
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,675
    Android,
    Good.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST.exe to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved in your downloads folder (same location as FRST.exe).
    • Please post the contents in your next reply.

    askey127
     
  15. Android

    Android Thread Starter

    Joined:
    Oct 30, 2006
    Messages:
    321
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
    Ran by Andrew Maul (administrator) on ANDREWMAUL-PC (03-08-2015 11:13:41)
    Running from C:\Users\Andrew Maul\Downloads
    Loaded Profiles: Andrew Maul (Available Profiles: Andrew Maul)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
    () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\ACER\Mobility Center\MobilityService.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    (Microsoft Corporation) C:\Windows\System32\wpcumi.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Google Inc.) C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe
    (Matsushita Electric Industrial Co., Ltd.) C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Samsung Electronics Co. Ltd.) C:\Users\Andrew Maul\AppData\Roaming\Verizon\SUA\VZWSUAM.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Realtek Semiconductor Corp.) C:\Users\Andrew Maul\AppData\Local\Temp\RtkBtMnt.exe
    (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Kreatives.org) C:\Program Files\Kreatives.org\KRISTAL Audio Engine\KRISTAL.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-02] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608 2008-02-21] (Synaptics, Inc.)
    HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [846344 2008-07-22] (Dritek System Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2008-12-04] (Google)
    HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
    HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
    HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-19] (RealNetworks, Inc.)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-07-15] (Google Inc.)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [Google Update] => C:\Users\Andrew Maul\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-06] (Google Inc.)
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [113664 2008-12-04] (Google)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk [2012-08-25]
    ShortcutTarget: Auto run of VideoCam Suite 1.0.lnk -> C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Upgrade Assistant.lnk [2015-05-22]
    ShortcutTarget: Verizon Wireless Software Upgrade Assistant.lnk -> C:\Users\Andrew Maul\AppData\Roaming\Verizon\SUA\VZWSUAM.exe (Samsung Electronics Co. Ltd.)
    Startup: C:\Users\Andrew Maul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-03-27]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicyUsers\S-1-5-21-2636645638-1367612892-662724275-1001\User: Group Policy Restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0709&m=aspire_5515
    HKU\S-1-5-21-2636645638-1367612892-662724275-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2636645638-1367612892-662724275-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
    Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{1D69327A-41BE-45F5-9F83-B01C419E94E5}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Andrew Maul\AppData\Roaming\Mozilla\Firefox\Profiles\ygpohe3x.default-1428510776651
    FF DefaultSearchEngine: Google
    FF SelectedSearchEngine: Yahoo!
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-19] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-19] (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=1.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andrew Maul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @talk.google.com/O1DPlugin -> C:\Users\Andrew Maul\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2636645638-1367612892-662724275-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andrew Maul\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-19] (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-19] (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Maul\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Andrew Maul\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2013-08-30]
    FF Extension: Yahoo! Toolbar - C:\Users\Andrew Maul\AppData\Roaming\Mozilla\Firefox\Profiles\ygpohe3x.default-1428510776651\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-04-10]
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-07-07]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-28]
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-19]
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR Profile: C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
    CHR Extension: (Google Docs) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
    CHR Extension: (Google Drive) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
    CHR Extension: (YouTube) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
    CHR Extension: (Google Search) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
    CHR Extension: (Google Sheets) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
    CHR Extension: (RealDownloader) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-04-06]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
    CHR Extension: (Google Wallet) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-06]
    CHR Extension: (Gmail) - C:\Users\Andrew Maul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
    R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
    S3 GoogleDesktopManager-080708-050100; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [24064 2008-12-04] (Google) [File not signed]
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 Rsupport RemoteCall Session Manager; C:\Users\Public\Documents\RSupport\rcc50\rcsemgru.exe [391024 2013-02-28] (Rsupport Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
    S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [129552 2008-08-06] (AMD Technologies Inc.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-22] (AVG Technologies)
    R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
    R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
    S3 LaCieFWFilter; C:\Windows\System32\DRIVERS\LaCieFWFilter.sys [14848 2005-10-18] (LaCie Group S.A.) [File not signed]
    R3 LaCieUSBFilter; C:\Windows\System32\DRIVERS\LaCieUSBFilter.sys [15872 2005-10-19] (LaCie Group) [File not signed]
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
    S3 rssasnt; C:\Users\Public\Documents\RSupport\rcc50\rssasnt.sys [12656 2012-10-11] (Rsupport Co.,Ltd)
    S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
    R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [11296 2014-09-01] (Rsupport Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\ANDREW~1\AppData\Local\Temp\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-03 02:44 - 2015-08-03 02:44 - 00000000 ____D C:\Users\Andrew Maul\Downloads\FRST-OlderVersion
    2015-07-31 18:09 - 2015-07-31 18:16 - 00001274 _____ C:\Users\Andrew Maul\Desktop\Accident.txt
    2015-07-31 17:24 - 2015-07-31 17:25 - 00038726 _____ C:\Users\Andrew Maul\Downloads\Addition.txt
    2015-07-31 17:23 - 2015-08-03 11:13 - 00021768 _____ C:\Users\Andrew Maul\Downloads\FRST.txt
    2015-07-31 17:23 - 2015-08-03 11:13 - 00000000 ____D C:\FRST
    2015-07-31 17:22 - 2015-08-03 02:44 - 01673728 _____ (Farbar) C:\Users\Andrew Maul\Downloads\FRST.exe
    2015-07-31 11:28 - 2015-07-31 11:28 - 00448512 _____ (OldTimer Tools) C:\Users\Andrew Maul\Downloads\TFC.exe
    2015-07-31 10:46 - 2015-07-31 10:46 - 00000036 _____ C:\Users\Andrew Maul\AppData\Local\housecall.guid.cache
    2015-07-31 10:45 - 2015-07-31 10:45 - 02073512 _____ (Trend Micro Inc.) C:\Users\Andrew Maul\Downloads\HousecallLauncher.exe
    2015-07-28 07:04 - 2015-07-28 07:04 - 00509440 _____ (Tech Support Guy System) C:\Users\Andrew Maul\Downloads\SysInfo.exe
    2015-07-27 08:36 - 2015-07-27 08:37 - 00281468 _____ C:\Users\Andrew Maul\Documents\Fabulous Hell.odp
    2015-07-24 20:43 - 2015-07-24 20:43 - 00000000 ____D C:\ProgramData\Oracle
    2015-07-24 19:29 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-24 19:29 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-24 19:29 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-24 19:28 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-24 19:27 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-24 19:27 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-24 19:27 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-24 19:05 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-24 19:04 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-24 19:04 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-24 19:04 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-24 19:04 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-24 19:04 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-24 19:04 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-24 19:04 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-24 19:04 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-23 11:08 - 2015-07-23 12:33 - 00016441 _____ C:\Users\Andrew Maul\Documents\2012 Msgs AC.kristal
    2015-07-19 01:01 - 2015-07-21 11:44 - 00000643 _____ C:\Users\Andrew Maul\Desktop\Good Late Proof Coins.txt
    2015-07-15 19:34 - 2015-07-18 00:34 - 00000107 _____ C:\Users\Andrew Maul\AppData\Roaming\WB.CFG
    2015-07-15 18:52 - 2015-07-15 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WAV To MP3 Converter
    2015-07-15 18:52 - 2015-07-15 18:52 - 00000000 ____D C:\Program Files\WAVToMP3Converter
    2015-07-15 18:50 - 2015-07-15 18:50 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Shortcut
    2015-07-15 18:49 - 2015-07-15 18:49 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Opera Software
    2015-07-15 18:49 - 2015-07-15 18:49 - 00000000 ____D C:\Users\Andrew Maul\AppData\Local\Opera Software
    2015-07-15 18:40 - 2015-07-24 20:10 - 00000000 ____D C:\Program Files\Opera
    2015-07-15 18:34 - 2015-08-03 10:34 - 00000346 _____ C:\Windows\Tasks\UpdateTask.job
    2015-07-15 18:32 - 2015-07-15 18:32 - 00000000 ____D C:\ProgramData\COMODO
    2015-07-15 18:32 - 2015-07-15 18:32 - 00000000 ____D C:\Program Files\COMODO
    2015-07-15 18:20 - 2015-07-15 18:20 - 00772740 _____ ( ) C:\Users\Andrew Maul\Downloads\wavtomp3_setup [1].exe
    2015-07-15 17:50 - 2015-07-15 18:52 - 00000000 ____D C:\Program Files\globalUpdate
    2015-07-15 17:50 - 2015-07-15 17:50 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-07-15 17:50 - 2015-07-15 17:50 - 00000000 ____D C:\Users\Andrew Maul\AppData\Local\globalUpdate
    2015-07-15 17:35 - 2015-07-15 17:35 - 03052773 _____ C:\Windows\system32\Caroline 2015.07.14
    2015-07-15 17:07 - 2015-07-23 11:33 - 00000000 ____D C:\Users\Andrew Maul\Documents\Media
    2015-07-15 03:41 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-15 03:41 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-15 03:40 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-15 03:40 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-15 03:40 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-15 03:40 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-15 03:40 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-15 03:40 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-15 03:40 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-07-15 03:40 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-07-15 03:40 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-07-13 20:53 - 2015-07-13 20:55 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Adobe Acrobat X
    2015-07-09 14:20 - 2015-07-09 14:20 - 00000378 _____ C:\Users\Andrew Maul\Desktop\Desktop old - Shortcut.lnk
    2015-07-09 11:03 - 2015-07-23 11:07 - 00017558 _____ C:\Users\Andrew Maul\Documents\20150709 Home Answerer.kristal
    2015-07-07 16:22 - 2015-08-02 08:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2015-07-07 12:29 - 2015-07-07 12:29 - 00218129 _____ C:\Users\Andrew Maul\Downloads\h2testw_1.4.zip
    2015-07-07 12:05 - 2015-07-07 12:33 - 00000000 ____D C:\Users\Andrew Maul\Downloads\Check microSD chips
    2015-07-07 12:04 - 2015-07-07 12:04 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Template
    2015-07-07 12:04 - 2015-07-07 12:04 - 00000000 _____ C:\Users\Andrew Maul\AppData\Roaming\wklnhst.dat
    2015-07-07 11:58 - 2015-07-07 11:58 - 01062749 _____ (Igor Pavlov) C:\Users\Andrew Maul\Downloads\7z1505.exe
    2015-07-07 11:58 - 2015-07-07 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-07-07 11:58 - 2015-07-07 11:58 - 00000000 ____D C:\Program Files\7-Zip
    2015-07-07 03:37 - 2015-07-07 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
    2015-07-07 03:37 - 2015-07-07 03:37 - 00000000 ____D C:\Program Files\HD Tune Pro
    2015-07-07 03:35 - 2015-07-07 03:35 - 02239373 _____ (EFD Software ) C:\Users\Andrew Maul\Downloads\hdtunepro_560_trial.exe
    2015-07-06 12:31 - 2015-07-06 12:32 - 00372361 _____ C:\Users\Andrew Maul\Downloads\Attachments_201576.zip
    2015-07-04 11:57 - 2015-07-04 11:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2015-07-04 11:51 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-03 10:49 - 2006-11-02 08:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-03 10:49 - 2006-11-02 08:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-03 10:24 - 2011-12-03 17:26 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-03 10:21 - 2012-04-06 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-03 07:58 - 2009-07-16 08:09 - 01789300 _____ C:\Windows\WindowsUpdate.log
    2015-08-03 07:52 - 2015-04-20 12:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-08-03 02:57 - 2015-05-22 19:36 - 00000000 ____D C:\Users\Public\Documents\Verizon_WPP
    2015-08-03 02:57 - 2006-11-02 06:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-08-03 02:51 - 2011-12-03 17:26 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-03 02:51 - 2009-07-15 12:24 - 00000000 _____ C:\Windows\system32\LogConfigTemp.xml
    2015-08-03 02:51 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-03 02:47 - 2006-11-02 08:58 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-08-02 08:24 - 2008-12-04 09:09 - 00000000 ____D C:\Program Files\NewTech Infosystems
    2015-08-02 08:24 - 2008-12-04 08:31 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2015-08-01 22:53 - 2008-12-04 08:57 - 00000000 ____D C:\Program Files\Acer GameZone
    2015-08-01 22:40 - 2008-12-04 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
    2015-07-31 10:22 - 2008-12-04 09:11 - 00000147 _____ C:\Windows\system32\agent.log
    2015-07-31 10:21 - 2008-01-20 23:02 - 00184944 _____ C:\Windows\PFRO.log
    2015-07-29 15:00 - 2015-01-02 15:54 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\PrimoPDF
    2015-07-24 19:34 - 2006-11-02 08:44 - 00321632 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-24 19:08 - 2013-08-14 13:04 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-24 19:07 - 2008-12-04 08:42 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-23 12:40 - 2009-07-27 22:33 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\vlc
    2015-07-23 12:33 - 2015-03-17 09:37 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\dvdcss
    2015-07-23 07:50 - 2015-05-22 23:23 - 00000000 ____D C:\Users\Andrew Maul\Desktop\New Folder (2)
    2015-07-21 12:22 - 2015-06-05 13:44 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Medicaid
    2015-07-18 12:51 - 2015-03-03 03:13 - 00000000 ____D C:\Users\Andrew Maul\AppData\Roaming\Rainmaker Software Group LLC.
    2015-07-18 12:51 - 2013-12-15 01:31 - 00000000 ____D C:\ProgramData\APN
    2015-07-16 04:25 - 2012-04-06 16:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-07-16 04:25 - 2012-03-13 12:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-07-16 00:18 - 2015-06-06 10:08 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000UA.job
    2015-07-16 00:18 - 2015-06-06 10:08 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2636645638-1367612892-662724275-1000Core.job
    2015-07-09 11:02 - 2015-05-30 14:32 - 00000000 ____D C:\Users\Andrew Maul\Documents\KRISTAL Media Files
    2015-07-08 17:37 - 2014-08-03 01:10 - 00001423 _____ C:\Windows\wininit.ini
    2015-07-08 17:37 - 2012-08-26 02:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2015-07-07 09:37 - 2006-11-02 08:49 - 00043252 _____ C:\Windows\setupact.log
    2015-07-06 17:57 - 2015-01-16 09:54 - 00000000 ____D C:\Users\Andrew Maul\Desktop\Desktop files
    2015-07-04 12:03 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

    ==================== Files in the root of some directories =======

    2013-08-21 15:32 - 2013-08-30 10:17 - 0003725 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    2015-07-15 19:34 - 2015-07-18 00:34 - 0000107 _____ () C:\Users\Andrew Maul\AppData\Roaming\WB.CFG
    2015-07-07 12:04 - 2015-07-07 12:04 - 0000000 _____ () C:\Users\Andrew Maul\AppData\Roaming\wklnhst.dat
    2012-03-11 11:54 - 2015-05-01 03:26 - 0000680 _____ () C:\Users\Andrew Maul\AppData\Local\d3d9caps.dat
    2009-07-27 22:45 - 2015-07-03 09:29 - 0029184 _____ () C:\Users\Andrew Maul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-07-31 10:46 - 2015-07-31 10:46 - 0000036 _____ () C:\Users\Andrew Maul\AppData\Local\housecall.guid.cache

    Some files in TEMP:
    ====================
    C:\Users\Andrew Maul\AppData\Local\Temp\RtkBtMnt.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-08-03 02:57

    ==================== End of log ============================
     

Short URL to this thread: https://techguy.org/1152387
