WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


[INACTIVE] second-hand dell inspiron n4010

2 posters

description[INACTIVE] second-hand dell inspiron n4010 Empty[INACTIVE] second-hand dell inspiron n401029th November 2016, 12:39 am

more_horiz
This computers usage has surrounded the internet and I presume its sluggishness can therein be attributed. I shall present Farbar Recovery Scan Tool scans below with high hopes that you may help resolve my presumptions true & ails cured with ease. Thank you for your service if indeed one decides to provide me any!

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 12:40 am

more_horiz
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by caty (administrator) on CATY-PC (28-11-2016 17:15:53)
Running from C:\Users\caty\Downloads
Loaded Profiles: caty (Available Profiles: caty)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Gramblr\gramblr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFDA.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] => c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-20] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\Run: [Best Buy pc app] => C:\Users\caty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\Run: [EPSON NX210 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDA.EXE [223232 2008-11-04] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\Run: [Google Update] => C:\Users\caty\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-08-15] (Google Inc.)
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-16] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\kloehk.dll [17592 2010-10-05] (Kaspersky Lab ZAO)
AppInit_DLLs: ,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\sbhook64.dll [29368 2010-10-05] (Kaspersky Lab ZAO)
AppInit_DLLs-x32: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\sbhook.dll [25272 2010-10-05] (Kaspersky Lab ZAO)
AppInit_DLLs-x32: ,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll [109240 2010-10-05] (Kaspersky Lab ZAO)
Startup: C:\Users\caty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-01-27]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-09-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-09-13]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-13]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{51DFF7B9-358C-4CF2-B19B-2742F7CC4758}: [DhcpNameServer] 13.35.0.1 13.35.0.2
Tcpip\..\Interfaces\{DB3604CA-70D4-4FAC-B52B-A9251175CB95}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E00D1BB8-B2E7-43D9-86B3-291465F16984} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=201203186EDA498FB3DF942A385524E0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {7A8661CD-89A6-4A73-979D-2C316CB2E892} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D} URL =
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {E00D1BB8-B2E7-43D9-86B3-291465F16984} URL =
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll [2010-10-05] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-06] (Oracle Corporation)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll [2010-10-05] (Kaspersky Lab ZAO)
Toolbar: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default [2016-11-28]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r3fbcubk.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r3fbcubk.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\r3fbcubk.default -> hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff
hxxp://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\r3fbcubk.default -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p=
FF NetworkProxy: Mozilla\Firefox\Profiles\r3fbcubk.default -> no_proxies_on", "*.local"
FF Extension: (Hide My IP) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\admin@hide-my-ip.org.xpi [2016-09-27]
FF Extension: (Hide My IP) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\admin@myprivacytools.com.xpi [2016-09-26]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-10-11]
FF Extension: (Emoji Cheatsheet for GitHub, Basecamp etc.) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi [2016-10-23]
FF Extension: (Yahoo! Toolbar) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-07-15] [not signed]
FF Extension: (Adblock Plus) - C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2013-06-11] [not signed]
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2012-06-05] [not signed]
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-06-11] [not signed]
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: (Kaspersky Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2012-06-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru [2013-06-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2012-06-05] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [{eea12ec4-729d-4703-bc37-106ce9879ce2}] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2814596201-296319993-4142043406-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\caty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2814596201-296319993-4142043406-1001: @talk.google.com/O1DPlugin -> C:\Users\caty\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2814596201-296319993-4142043406-1001: @tools.google.com/Google Update;version=3 -> C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2814596201-296319993-4142043406-1001: @tools.google.com/Google Update;version=9 -> C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\caty\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\caty\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=435371&fr=yo-yhp-ch",null,"hxxp://www.google.com/"
CHR Profile: C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (YouTube) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-09]
CHR Extension: (Adblock Plus) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-31]
CHR Extension: (Google Search) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-09]
CHR Extension: (HD Video Player) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg [2013-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10186832 2016-11-16] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2014-01-23] () [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [556120 2010-10-01] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 clwvd7; system32\DRIVERS\clwvd7.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 17:15 - 2016-11-28 17:17 - 00022704 _____ C:\Users\caty\Downloads\FRST.txt
2016-11-28 17:15 - 2016-11-28 17:15 - 02411520 _____ (Farbar) C:\Users\caty\Downloads\FRST64.exe
2016-11-28 17:15 - 2016-11-28 17:15 - 00000000 ____D C:\FRST
2016-11-28 16:14 - 2016-11-28 16:14 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2016-11-21 11:32 - 2016-11-21 11:32 - 00065939 _____ C:\Users\caty\Downloads\Prodigy_-_Breathe.mid
2016-11-20 20:07 - 2016-11-20 20:08 - 00026325 ____R C:\Users\caty\Downloads\Ace_of_Base_-_All_That_She_Wants.mid
2016-11-18 13:20 - 2016-11-28 16:28 - 00000000 ____D C:\Users\caty\AppData\LocalLow\Mozilla
2016-11-18 00:22 - 2016-11-18 00:23 - 00000000 ____D C:\Users\caty\Documents\PrincessNokia1992
2016-11-09 17:34 - 2016-11-09 17:34 - 00303640 _____ C:\Windows\Minidump\110916-146937-01.dmp
2016-11-09 03:32 - 2016-11-09 03:32 - 00000000 _____ C:\Windows\SysWOW64\sho1450.tmp
2016-11-08 16:07 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 16:07 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 16:07 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 16:07 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 16:07 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 16:07 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 16:07 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 16:07 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 16:07 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 16:07 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 16:07 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 16:07 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 16:07 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 16:07 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 16:07 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 16:07 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 16:07 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 16:07 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 16:07 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 16:07 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 16:07 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 16:07 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 16:07 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 16:07 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 16:07 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 16:07 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 16:07 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 16:07 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 16:07 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 16:07 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 16:07 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 16:07 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 16:07 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 16:07 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 16:07 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 16:07 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 16:07 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 16:07 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 16:07 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 16:07 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 16:07 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 16:07 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 16:07 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 16:07 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 16:07 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 16:07 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 16:07 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 16:07 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 16:07 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 16:07 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 16:07 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 16:07 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 16:07 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 16:07 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 16:07 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 16:07 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 16:07 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 16:07 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 16:07 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 16:07 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 16:07 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 16:07 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 16:07 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 16:07 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 16:07 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 16:07 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 16:07 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 16:07 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 16:07 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 16:07 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 16:07 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 16:07 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 16:07 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 16:07 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 16:07 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 16:07 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 16:07 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 16:07 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 16:07 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 16:07 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 16:07 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 16:07 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 16:07 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 16:07 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 16:07 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 16:07 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 16:07 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 16:07 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 16:07 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 16:07 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 16:07 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 16:07 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 16:07 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 16:07 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 16:07 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 16:07 - 2016-10-10 08:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 16:07 - 2016-10-10 08:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 16:07 - 2016-10-10 08:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 16:07 - 2016-10-10 08:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 16:07 - 2016-10-10 08:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 16:07 - 2016-10-10 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 16:07 - 2016-10-10 08:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 16:07 - 2016-10-10 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 16:07 - 2016-10-10 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 16:07 - 2016-10-10 07:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 16:07 - 2016-10-10 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 16:07 - 2016-10-10 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 16:07 - 2016-10-10 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 16:07 - 2016-10-10 07:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 16:07 - 2016-10-10 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 16:07 - 2016-10-07 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 16:07 - 2016-10-07 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 16:07 - 2016-10-07 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 16:07 - 2016-10-07 08:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 16:07 - 2016-10-07 08:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 16:07 - 2016-10-07 08:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 08:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 16:07 - 2016-10-07 08:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 16:07 - 2016-10-07 08:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 16:07 - 2016-10-07 08:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 16:07 - 2016-10-07 08:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 16:07 - 2016-10-07 07:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 16:07 - 2016-10-07 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 16:07 - 2016-10-07 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 16:07 - 2016-10-07 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 16:07 - 2016-10-07 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 16:07 - 2016-10-07 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 16:07 - 2016-10-07 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 16:07 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 16:07 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 16:07 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 16:07 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 16:07 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 16:07 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 16:06 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-07 15:15 - 2016-11-07 15:15 - 01137400 _____ (NCH Software) C:\Users\caty\Downloads\zipplus(1).exe
2016-11-07 13:22 - 2016-11-07 13:44 - 1497524353 ____R C:\Users\caty\Downloads\Spectrasonics - Trilogy.rar
2016-11-07 12:42 - 2016-11-07 12:43 - 01137400 _____ (NCH Software) C:\Users\caty\Downloads\zipplus.exe
2016-11-06 20:46 - 2016-11-06 20:38 - 00191552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2016-11-06 20:46 - 2016-11-06 20:38 - 00191040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2016-11-06 20:46 - 2016-11-06 20:38 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-06 20:43 - 2016-11-06 20:42 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-06 20:39 - 2016-11-06 20:39 - 00000000 ____D C:\Users\caty\AppData\Roaming\Sun
2016-11-06 20:26 - 2016-11-06 20:26 - 00000000 ____D C:\Users\caty\AppData\LocalLow\Oracle
2016-11-06 20:10 - 2016-11-06 20:10 - 00000000 __SHD C:\found.002
2016-11-06 15:43 - 2016-11-06 15:50 - 136977614 ____R C:\Users\caty\Downloads\Spectrasonics - Trilian v1.4.3d + Library (UPDATE) OS X [AiR][dada].7z
2016-11-06 15:42 - 2016-11-06 16:23 - 00000000 ____D C:\Users\caty\Downloads\Orange Tree Samples Evolution Acoustic Guitar Steel Strings KONTAKT - MAGNETRiXX [deepstatus][h33t][1337x]
2016-11-06 15:41 - 2016-11-07 12:39 - 00000000 ____D C:\Users\caty\AppData\LocalLow\uTorrent
2016-11-01 00:24 - 2016-11-01 00:25 - 00359518 _____ C:\Users\caty\Downloads\homeward bound.kml
2016-10-30 15:53 - 2016-10-30 15:53 - 00000000 __SHD C:\found.001
2016-10-30 15:36 - 2016-10-30 15:36 - 00000000 _____ C:\Windows\SysWOW64\shoF23A.tmp
2016-10-30 03:01 - 2016-10-30 03:01 - 00767144 _____ C:\Windows\system32\Drivers\SETEB46.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 17:18 - 2016-07-03 15:18 - 00000000 ____D C:\ProgramData\Gramblr
2016-11-28 16:56 - 2012-03-18 12:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-28 16:37 - 2009-07-13 21:45 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-28 16:37 - 2009-07-13 21:45 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-28 16:31 - 2016-08-15 15:15 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001UA.job
2016-11-28 16:27 - 2011-01-27 18:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-28 16:26 - 2010-09-13 07:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-11-28 16:25 - 2010-09-13 07:35 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-11-28 16:25 - 2010-09-13 07:35 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-11-28 16:24 - 2012-03-18 12:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-28 16:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-28 15:31 - 2016-08-15 15:15 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001Core.job
2016-11-28 15:23 - 2012-03-18 12:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-28 14:12 - 2016-09-27 13:21 - 00000000 ____D C:\Users\caty\Desktop\1
2016-11-28 02:00 - 2011-02-10 20:27 - 00000000 ____D C:\Users\caty\AppData\Local\Adobe
2016-11-25 01:41 - 2009-07-13 22:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-20 21:08 - 2009-07-13 22:13 - 00006514 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-20 20:46 - 2016-08-11 22:02 - 00000000 ___SD C:\Users\caty\AppData\LocalLow\Temp
2016-11-18 13:20 - 2012-03-18 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 17:55 - 2016-07-03 15:18 - 00000000 ____D C:\Program Files\Gramblr
2016-11-09 22:25 - 2012-11-09 15:01 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-09 17:34 - 2015-04-16 17:20 - 00000000 ____D C:\Windows\Minidump
2016-11-09 17:33 - 2015-04-16 17:20 - 617004290 _____ C:\Windows\MEMORY.DMP
2016-11-09 14:44 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 12:17 - 2009-07-13 21:45 - 04888752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 03:15 - 2013-07-23 22:24 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 03:06 - 2012-06-05 12:21 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 09:56 - 2012-03-18 12:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 09:56 - 2012-03-18 12:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 09:56 - 2012-03-18 12:10 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 09:56 - 2012-03-18 11:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 09:56 - 2010-09-13 06:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 15:32 - 2016-07-31 12:03 - 00000000 ____D C:\Users\caty\AppData\Roaming\uTorrent
2016-11-06 20:46 - 2014-01-05 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-06 20:46 - 2010-09-13 06:58 - 00000000 ____D C:\Program Files\Java
2016-11-06 20:46 - 2010-09-13 06:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-06 20:42 - 2010-09-13 06:58 - 00318528 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2016-11-06 20:42 - 2010-09-13 06:58 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2016-11-06 20:42 - 2010-09-13 06:58 - 00206912 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2016-11-06 20:38 - 2014-02-19 20:41 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-11-06 20:36 - 2014-01-05 18:46 - 00000000 ____D C:\ProgramData\Oracle
2016-11-06 18:19 - 2012-03-18 12:10 - 00000000 ____D C:\Users\caty\AppData\Local\Google
2016-10-30 12:12 - 2011-01-27 15:44 - 00000000 ____D C:\Users\caty

==================== Files in the root of some directories =======

2016-07-08 02:38 - 2016-07-08 02:38 - 0000132 _____ () C:\Users\caty\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-07-09 00:28 - 2016-07-09 00:28 - 0000132 _____ () C:\Users\caty\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-09-23 23:22 - 2016-07-01 10:30 - 0016896 _____ () C:\Users\caty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-18 10:30 - 2015-03-18 10:30 - 0000000 _____ () C:\Users\caty\AppData\Local\{3DC43F5E-EA39-4BC2-9C5B-808637AF0D5B}

Some files in TEMP:
====================
C:\Users\caty\AppData\Local\Temp\50or.exe
C:\Users\caty\AppData\Local\Temp\9ymqohgm.dll
C:\Users\caty\AppData\Local\Temp\ban5ckcr.dll
C:\Users\caty\AppData\Local\Temp\bivjjybz.dll
C:\Users\caty\AppData\Local\Temp\blekko.exe
C:\Users\caty\AppData\Local\Temp\FlashPlayer.exe
C:\Users\caty\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\caty\AppData\Local\Temp\GUR4CD7.exe
C:\Users\caty\AppData\Local\Temp\hyl4cysj.dll
C:\Users\caty\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\caty\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\caty\AppData\Local\Temp\ldoc9yc1.dll
C:\Users\caty\AppData\Local\Temp\MSN6568.exe
C:\Users\caty\AppData\Local\Temp\on4s1ygs.dll
C:\Users\caty\AppData\Local\Temp\xzkmzkfj.dll
C:\Users\caty\AppData\Local\Temp\_is7C70.exe
C:\Users\caty\AppData\Local\Temp\_is9F8A.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-24 02:22

==================== End of FRST.txt ============================

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 12:41 am

more_horiz
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by caty (28-11-2016 17:18:39)
Running from C:\Users\caty\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-27 22:44:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2814596201-296319993-4142043406-500 - Administrator - Disabled)
caty (S-1-5-21-2814596201-296319993-4142043406-1001 - Administrator - Enabled) => C:\Users\caty
Guest (S-1-5-21-2814596201-296319993-4142043406-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2814596201-296319993-4142043406-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Out of date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security (Disabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2814596201-296319993-4142043406-1001\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AirPort (HKLM-x32\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
EPSON NX210 Series Printer Uninstall (HKLM\...\EPSON NX210 Series) (Version:  - SEIKO EPSON Corporation)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version:  - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.8.0 - Gramblr Team)
Gramblr (HKLM-x32\...\Gramblr) (Version: 2.7.5 - Gramblr Team)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Internet Security 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6088 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.20.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2814596201-296319993-4142043406-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {30B3542C-A821-4B63-BFAC-EDFD7116110B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001UA => C:\Users\caty\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-15] (Google Inc.)
Task: {5656ED10-517E-4CBF-9F3D-04C0ACB06EB6} - System32\Tasks\AdobeAAMUpdater-1.0-caty-PC-caty => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {70691052-10A4-4981-A8F7-930F3F3B165D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {9A747645-478A-4D45-AB53-DF0420E9EAD2} - System32\Tasks\{86CB7301-E87F-4BF8-A810-370BCC52A4DD} => pcalua.exe -a C:\ProgramData\Uninstall\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}\setup.exe -c /x {B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}
Task: {AD0A95E6-8B58-4F6A-A0DF-E01CA165C5B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C184A80A-0860-4124-9A54-A2E2B7F7D24E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {D6188AD8-43D2-4417-9109-4E5ECDBB060E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001Core => C:\Users\caty\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-15] (Google Inc.)
Task: {F97F92C9-5B89-4CB7-9D92-69707D59CFCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001Core.job => C:\Users\caty\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001UA.job => C:\Users\caty\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-12 22:11 - 2016-11-16 17:55 - 10186832 _____ () C:\Program Files\Gramblr\gramblr.exe
2010-09-13 07:20 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-10-15 01:10 - 2009-10-15 01:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-05 20:26 - 2010-10-05 20:26 - 02111160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll
2016-11-08 09:56 - 2016-11-08 09:56 - 19640512 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-08-13 12:42 - 00001031 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\caty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CA4AACFF-D1F0-47F3-88A9-E33C9A7291AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8682920C-48F7-4AC4-9726-98BDDA4EA36E}] => (Allow) svchost.exe
FirewallRules: [{02F08B27-AE7B-44B9-891D-B8C55C32CDB0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{769DB29E-5371-4D5F-B7E8-9F544F4DD676}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1F1B7B70-394F-4171-BF61-BEBE6D65C42C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{45AF79D2-253D-41C2-985E-C5C10DFF3565}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{63EF4C80-BE8B-45DC-97CA-4267419C7666}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{B52DD5BF-AD4D-47CD-BCB8-028258A22A06}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{BE5D058F-C33E-45D4-A56E-19188E6191E8}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{26C4A821-4420-4D9A-9715-CC535D605872}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{680A24AA-367C-43BB-87B0-8435F637448A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5FFA7C16-2F0B-415B-8D3E-023774A24ADD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A9EBE1A-CE5E-4CC1-8DF7-E735A2518F6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE88352C-06D6-4565-88E4-B97A6FD8384C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CDC99068-B7BD-4842-BBBB-35809FFF71B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{965A95EB-6655-46DA-A65C-FC763DA5493B}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{3085E89B-D769-44B2-B803-82E2C16F0721}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1D9D337C-2F03-404A-879D-A8793BB4DA23}] => (Allow) LPort=2869
FirewallRules: [{858DE3F6-4FCD-45D8-AA6B-4FB80E541905}] => (Allow) LPort=1900
FirewallRules: [{A70D6AD1-37C3-41C8-9F80-48CE5E0E9E5E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DBBA7BF1-21A4-4E9D-9400-3DC191FA48EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F144CEC-B45D-4205-B1A6-6D370FF199ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCE02CD6-657D-4876-83F6-94B5906262CC}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2D669E64-F683-47A6-9822-4AFD83DE6491}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A2A40DD1-FA04-48D2-BCCF-4BAAFE586D99}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL (compatible memory).exe
FirewallRules: [{27248657-4DD0-476A-84FD-27153F03C622}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{6734FBDC-9F30-41A2-B2BA-3EB1C9072178}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{62679865-00DD-46F3-8B54-B313C1625701}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL (compatible memory).exe
FirewallRules: [{CE1DCC4B-B8D8-4F65-9261-681F181EEB51}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL.exe
FirewallRules: [{57889C0B-BB44-4006-90E8-C9865E6C869E}] => (Block) %ProgramFiles% (x86)\Image-Line\FL Studio 11\FL64.exe
FirewallRules: [{282BC3B1-5127-42DC-B203-16D24F5538F8}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{C38A12B1-A3FA-4B60-9691-43A91C4104B8}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{26CD4913-537C-46BA-889D-98C9BD3D19A8}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
FirewallRules: [{E6A335F7-D544-4467-A2D1-E101C303251E}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
FirewallRules: [{509E1607-3AC8-4F73-BC18-BA62E126CF7F}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{CD65333C-4F5E-4A99-A637-B52CD45FD6C3}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{6D5B9411-A376-49A1-8BD1-4DA6E5421EFE}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E6D08E93-B515-4AEF-BE08-D799BB8745BD}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE27D3BB-8209-4F64-B811-CDDED0ED1036}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1C406B0-7038-4F92-B493-C750E5C5A2CB}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E48B98B-E273-4A76-B07A-D22D419DF004}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0125E21-6F54-42F2-A1E2-85253E4B8250}] => (Allow) C:\Users\caty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{640C0704-5BB7-4B26-A1D5-07857DB68143}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{F513A799-CBB6-4D68-8807-F8FA0C37139B}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{B09A219D-BFB8-41AD-BF00-6D44E6D64984}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-11-2016 03:00:13 Windows Update
20-11-2016 03:00:28 Windows Update
21-11-2016 03:00:14 Windows Update
23-11-2016 00:22:47 Windows Update
23-11-2016 10:04:33 Windows Update
24-11-2016 03:00:18 Windows Update
25-11-2016 03:00:16 Windows Update
26-11-2016 03:00:17 Windows Update
26-11-2016 19:57:04 Windows Update
27-11-2016 10:17:22 Windows Update
28-11-2016 03:00:15 Windows Update
28-11-2016 16:08:50 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2016 05:15:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:43:30 PM) (Source: TOASTER.EXE) (EventID: 0) (User: )
Description: An Unhandled Exception occured.
The file 'C:\Users\caty\AppData\local\\softthinks\scheduler.xml' already exists.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite)
   at System.IO.File.Copy(String sourceFileName, String destFileName)
   at Toaster.SchedulerReader.read()
   at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
   at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()
   at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers)
   at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e)
   at System.Windows.Threading.DispatcherTimer.FireTick(Object unused)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error: (11/28/2016 04:40:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:40:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:40:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:35:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:35:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:35:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:34:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/28/2016 04:30:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.


System errors:
=============
Error: (11/28/2016 04:31:16 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.

Error: (11/28/2016 04:26:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/28/2016 04:25:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/28/2016 04:25:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.

Error: (11/28/2016 04:24:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/28/2016 04:24:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.

Error: (11/28/2016 04:24:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/28/2016 04:13:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition.

Error: (11/28/2016 04:02:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (11/28/2016 03:12:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition.


CodeIntegrity:
===================================
  Date: 2014-02-19 20:53:05.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:05.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.213
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 3892.52 MB
Available physical RAM: 1659.26 MB
Total Virtual: 7783.23 MB
Available Virtual: 5260.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:180.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F6996217)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 1:16 am

more_horiz
Hello, and welcome to GeekPolice... I am Dr Jay, the Head Administrator and am a teacher in computer security.

Here is the first fix...

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it to your reply.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 2:10 am

more_horiz
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by caty (28-11-2016 18:59:17) Run:1
Running from C:\Users\caty\Desktop
Loaded Profiles: caty (Available Profiles: caty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
FRST:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D} URL =
SearchScopes: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> {E00D1BB8-B2E7-43D9-86B3-291465F16984} URL =
Toolbar: HKU\S-1-5-21-2814596201-296319993-4142043406-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2016-11-09 03:32 - 2016-11-09 03:32 - 00000000 _____ C:\Windows\SysWOW64\sho1450.tmp
2015-03-18 10:30 - 2015-03-18 10:30 - 0000000 _____ () C:\Users\caty\AppData\Local\{3DC43F5E-EA39-4BC2-9C5B-808637AF0D5B}
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
FRST: => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2814596201-296319993-4142043406-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D}" => key removed successfully
HKCR\CLSID\{AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D} => key not found.
"HKU\S-1-5-21-2814596201-296319993-4142043406-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E00D1BB8-B2E7-43D9-86B3-291465F16984}" => key removed successfully
HKCR\CLSID\{E00D1BB8-B2E7-43D9-86B3-291465F16984} => key not found.
HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Windows\SysWOW64\sho1450.tmp => moved successfully
C:\Users\caty\AppData\Local\{3DC43F5E-EA39-4BC2-9C5B-808637AF0D5B} => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69258872 B
Java, Flash, Steam htmlcache => 540 B
Windows/system/drivers => 23491315210 B
Edge => 0 B
Chrome => 86639026 B
Firefox => 77126142 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 213684 B
Public => 0 B
ProgramData => 0 B
systemprofile => 60300445 B
systemprofile32 => 1148236 B
LocalService => 132244 B
NetworkService => 618544 B
caty => 5604545689 B

RecycleBin => 1655776624 B
EmptyTemp: => 28.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:02:55 ====

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 2:46 am

more_horiz
Excellent! That did well... Now to scan further...

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.****.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.




Please download Malwarebytes' AdwCleaner onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.




Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



In your next reply, please post the following logs:
  • Malwarebytes' Anti-Malware Log
  • AdwCleaner log
  • Junkware Removal Tool log

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 3:54 am

more_horiz
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/28/2016
Scan Time: 8:09 PM
Logfile: jhh.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.29.01
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: caty

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314096
Time Elapsed: 36 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 4:19 am

more_horiz
The restart prompt was rather delayed. The file attached is the post restart scan log, if there is a difference.

Last edited by dvdauben on 29th November 2016, 4:21 am; edited 1 time in total (Reason for editing : Did not submit query on attachment.)

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 4:38 am

more_horiz
# AdwCleaner v6.030 - Logfile created 28/11/2016 at 21:25:33
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : caty - CATY-PC
# Running from : C:\Users\caty\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\caty\AppData\Local\Best Buy pc app
Folder Found:  C:\ProgramData\Best Buy pc app
Folder Found:  C:\ProgramData\Application Data\Best Buy pc app
Folder Found:  C:\Users\caty\AppData\Local\PackageAware
Folder Found:  C:\ProgramData\blekko toolbars
Folder Found:  C:\ProgramData\Application Data\blekko toolbars
Folder Found:  C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found:  C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  Best Buy pc app


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app_is1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found:  HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js] - "browser.startup.homepage" -  "hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff hxxp://www.google.com/"
Firefox pref Found:  [C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js] - "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p="
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fbmimoidopbghbcmdmpkjaffffmcbmbg
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mpfapcdfbbledbojijcbcclmlieaoogk

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3964 Bytes] - [28/11/2016 21:25:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4037 Bytes] ##########

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 5:40 am

more_horiz
Okay, did you run the Junkware Removal Tool?

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 5:43 am

more_horiz
Will post as soon as completed.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 5:48 am

more_horiz
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by caty (Administrator) on Mon 11/28/2016 at 22:26:16.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 27

Failed to delete: C:\Program Files\spi (Folder)
Successfully deleted: C:\ProgramData\best buy pc app (Folder)
Successfully deleted: C:\ProgramData\blekko toolbars (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\Users\caty\AppData\Local\best buy pc app (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZZOG2NM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7ICL350 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUP5S1UM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPQ5VAZG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZZOG2NM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7ICL350 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUP5S1UM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPQ5VAZG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho2CEC.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho46E5.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho5AAD.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho71BC.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho7AB3.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho801A.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8033.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8202.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho866E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoAB2C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoCDF7.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoF23A.tmp (File)

Deleted the following from C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js
user_pref(browser.startup.homepage, hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff|hxxp://www.google.com/);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/28/2016 at 22:44:26.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 6:33 am

more_horiz
Excellent... Now, not to seem redundant, please rerun the tools in the following order to make sure we got it all, along with posting the logs:

-Junkware Removal Tool
-AdwCleaner
-Let me know how things are running currently, please. Smile...

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 7:13 am

more_horiz
Alrighty, AdwCleaner on the way. Noticably different experience right off. Thank You!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by caty (Administrator) on Mon 11/28/2016 at 23:57:23.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js
user_pref(browser.startup.homepage, hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff|hxxp://www.google.com/);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/29/2016 at  0:07:17.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 7:22 am

more_horiz
# AdwCleaner v6.030 - Logfile created 29/11/2016 at 00:14:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : caty - CATY-PC
# Running from : C:\Users\caty\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found:  HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js] - "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p="
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fbmimoidopbghbcmdmpkjaffffmcbmbg
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mpfapcdfbbledbojijcbcclmlieaoogk

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4140 Bytes] - [28/11/2016 21:25:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2813 Bytes] - [29/11/2016 00:14:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2886 Bytes] ##########

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401029th November 2016, 8:23 am

more_horiz
Okay, let's clean with AdwCleaner, and do some final investigations... then it should be an all-clear. [INACTIVE] second-hand dell inspiron n4010 1f604

Remove the Adware

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner_xxxx.exe to run the tool.
  • Press Scan, wait for it to finish, and then hit Clean.
  • Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  • Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.




Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 1:45 am

more_horiz
I will be back to this device shortly and get back to work, thanks so much for your time and energy!

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 1:50 am

more_horiz
Okay, I look forward to it! [INACTIVE] second-hand dell inspiron n4010 1f600

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 6:40 am

more_horiz
# AdwCleaner v6.030 - Logfile created 29/11/2016 at 23:28:23
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-29.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : caty - CATY-PC
# Running from : C:\Users\caty\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key deleted: HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p="
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fbmimoidopbghbcmdmpkjaffffmcbmbg
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mpfapcdfbbledbojijcbcclmlieaoogk


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2716 Bytes] - [29/11/2016 23:28:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [4140 Bytes] - [28/11/2016 21:25:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2985 Bytes] - [29/11/2016 00:14:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [3058 Bytes] - [29/11/2016 23:27:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3008 Bytes] ##########

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 6:47 am

more_horiz
[INACTIVE] second-hand dell inspiron n4010 Sdsdss10

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 6:48 am

more_horiz
Should I move on to OldTimer?

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 6:52 am

more_horiz
Try this link for Security Check please: http://screen317.changelog.fr/SecurityCheck.exe

Yes, move on to the OTL tool, please. Smile...

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 7:04 am

more_horiz
Another bad one but otl's on the way.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 7:08 am

more_horiz
Okay, I will wait for it. Smile...

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 7:50 am

more_horiz
OTL logfile created on: 11/30/2016 12:06:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\caty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.20% Memory free
7.60 Gb Paging File | 5.70 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 202.27 Gb Free Space | 44.85% Space Free | Partition Type: NTFS
 
Computer Name: CATY-PC | User Name: caty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/11/30 00:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\caty\Desktop\OTL.exe
PRC - [2016/08/11 07:49:18 | 000,978,456 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\Bluestacks\HD-Agent.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/07/13 03:02:57 | 013,579,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\458817680c33d8cdf0e033cd65772906\System.Web.ni.dll
MOD - [2016/06/08 09:25:18 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2b2d69274742cfa9cac75a84dbd6fdf9\System.Management.ni.dll
MOD - [2016/06/08 09:25:01 | 012,945,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MOD - [2016/06/08 09:24:51 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MOD - [2016/06/08 09:24:40 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MOD - [2016/06/08 09:24:38 | 007,518,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MOD - [2016/06/08 09:24:34 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MOD - [2016/06/08 09:24:27 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MOD - [2016/06/08 09:24:17 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
MOD - [2016/06/04 13:55:55 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016/06/04 13:55:50 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016/06/04 13:55:09 | 007,996,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2015/07/07 10:19:52 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2016/11/16 17:55:20 | 010,186,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Gramblr\gramblr.exe -- (gramblrclient)
SRV:64bit: - [2016/10/27 11:37:41 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/08/22 09:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2016/11/08 09:56:10 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/08/11 07:47:56 | 000,425,496 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2016/08/11 07:47:09 | 000,445,976 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2016/08/11 07:45:21 | 000,462,360 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe -- (BstHdPlusAndroidSvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/11/29 23:39:00 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/01 10:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 03:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/01 07:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 22:38:32 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2016/08/11 07:47:38 | 000,152,672 | ---- | M] (BlueStack Systems) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2016/07/28 10:09:30 | 000,307,768 | ---- | M] (Bluestack System Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\BstkDrv.sys -- (BstkDrv)
DRV - [2014/01/23 02:22:58 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E00D1BB8-B2E7-43D9-86B3-291465F16984}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS475
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\caty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\caty\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2012/06/05 15:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru [2013/06/11 18:05:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2012/06/05 15:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016/06/08 09:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt
 
[2012/03/18 13:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Extensions
[2016/11/29 23:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions
[2016/09/27 08:48:37 | 001,360,411 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\admin@hide-my-ip.org.xpi
[2016/09/26 20:45:22 | 001,020,810 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\admin@myprivacytools.com.xpi
[2016/10/11 16:01:16 | 000,442,867 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2016/10/23 19:32:28 | 001,454,925 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi
[2016/11/24 00:35:50 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/06/08 09:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/11 18:07:19 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012/06/05 14:22:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013/06/11 18:07:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/03/19 07:47:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2016/11/29 23:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/03/18 13:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/03/18 13:12:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
 
O1 HOSTS File: ([2016/08/13 12:42:25 | 000,001,031 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKCU..\Run: [EPSON NX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDA.EXE /FU "C:\Windows\TEMP\E_S6E9B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\caty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 11.111.2)
O16:64bit: - DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 1.8.0_111)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 1.8.0_111)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51DFF7B9-358C-4CF2-B19B-2742F7CC4758}: DhcpNameServer = 13.35.0.1 13.35.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3604CA-70D4-4FAC-B52B-A9251175CB95}: DhcpNameServer = 192.168.0.1 205.171.3.25 205.171.2.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\sbhook.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 7:50 am

more_horiz
========== Files/Folders - Created Within 30 Days ==========
 
[2016/11/30 00:03:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\caty\Desktop\OTL.exe
[2016/11/28 21:21:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2016/11/28 20:53:03 | 001,631,928 | ---- | C] (Malwarebytes) -- C:\Users\caty\Desktop\JRT.exe
[2016/11/28 20:06:50 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/11/28 20:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2016/11/28 20:05:44 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016/11/28 20:05:44 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/11/28 20:05:44 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/11/28 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/11/28 20:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016/11/28 18:57:26 | 002,411,520 | ---- | C] (Farbar) -- C:\Users\caty\Desktop\FRST64(1).exe
[2016/11/28 17:15:34 | 000,000,000 | ---D | C] -- C:\FRST
[2016/11/18 00:22:32 | 000,000,000 | ---D | C] -- C:\Users\caty\Documents\PrincessNokia1992
[2016/11/08 16:07:42 | 006,047,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/11/08 16:07:40 | 005,547,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/11/08 16:07:40 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/11/08 16:07:39 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/11/08 16:07:39 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2016/11/08 16:07:39 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2016/11/08 16:07:39 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2016/11/08 16:07:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2016/11/08 16:07:39 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2016/11/08 16:07:38 | 004,000,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2016/11/08 16:07:38 | 003,944,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2016/11/08 16:07:38 | 002,131,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2016/11/08 16:07:38 | 002,055,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2016/11/08 16:07:38 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2016/11/08 16:07:38 | 000,706,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2016/11/08 16:07:38 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2016/11/08 16:07:38 | 000,382,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/11/08 16:07:37 | 000,725,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2016/11/08 16:07:37 | 000,308,456 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/11/08 16:07:37 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2016/11/08 16:07:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2016/11/08 16:07:36 | 000,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/11/08 16:07:36 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tintlgnt.ime
[2016/11/08 16:07:36 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cintlgnt.ime
[2016/11/08 16:07:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pintlgnt.ime
[2016/11/08 16:07:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2016/11/08 16:07:35 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2016/11/08 16:07:35 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2016/11/08 16:07:35 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2016/11/08 16:07:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quick.ime
[2016/11/08 16:07:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qintlgnt.ime
[2016/11/08 16:07:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\phon.ime
[2016/11/08 16:07:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chajei.ime
[2016/11/08 16:07:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2016/11/08 16:07:34 | 000,877,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2016/11/08 16:07:34 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2016/11/08 16:07:34 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2016/11/08 16:07:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UtcResources.dll
[2016/11/08 16:07:33 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2016/11/08 16:07:33 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2016/11/08 16:07:32 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2016/11/08 16:07:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2016/11/08 16:07:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2016/11/08 16:07:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2016/11/08 16:07:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2016/11/08 16:07:30 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2016/11/08 16:07:30 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2016/11/08 16:07:30 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2016/11/08 16:07:29 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/11/08 16:07:29 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/11/08 16:07:29 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2016/11/08 16:07:29 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2016/11/08 16:07:29 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2016/11/08 16:07:29 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2016/11/08 16:07:28 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/11/08 16:07:22 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2016/11/08 16:07:22 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2016/11/08 16:07:22 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2016/11/08 16:07:22 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2016/11/08 16:07:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2016/11/08 16:07:22 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2016/11/08 16:07:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2016/11/08 16:07:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2016/11/08 16:07:22 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2016/11/08 16:07:22 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2016/11/08 16:07:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2016/11/08 16:07:22 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2016/11/08 16:07:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2016/11/08 16:07:22 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2016/11/08 16:07:22 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2016/11/08 16:07:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2016/11/08 16:07:22 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2016/11/08 16:07:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2016/11/08 16:07:22 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2016/11/08 16:07:22 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2016/11/08 16:07:21 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2016/11/08 16:07:21 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/11/08 16:07:21 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/11/08 16:07:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/11/08 16:07:21 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/11/08 16:07:21 | 000,576,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/11/08 16:07:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2016/11/08 16:07:21 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2016/11/08 16:07:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\INETRES.dll
[2016/11/08 16:07:21 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2016/11/08 16:07:20 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2016/11/08 16:07:20 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/11/08 16:07:20 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2016/11/08 16:07:20 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2016/11/08 16:07:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2016/11/08 16:07:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2016/11/08 16:07:20 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/11/08 16:07:20 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2016/11/08 16:07:20 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2016/11/08 16:07:20 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2016/11/08 16:07:20 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2016/11/08 16:07:20 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2016/11/08 16:07:20 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2016/11/08 16:07:20 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2016/11/08 16:07:20 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016/11/08 16:07:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/11/08 16:07:20 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2016/11/08 16:07:20 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2016/11/08 16:07:20 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2016/11/08 16:07:20 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2016/11/08 16:07:20 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2016/11/08 16:07:20 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2016/11/08 16:07:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/11/08 16:07:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2016/11/08 16:07:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2016/11/08 16:07:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016/11/08 16:07:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2016/11/08 16:07:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2016/11/08 16:07:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2016/11/08 16:07:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2016/11/08 16:07:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2016/11/08 16:07:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2016/11/08 16:07:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016/11/08 16:07:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2016/11/08 16:07:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2016/11/08 16:07:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2016/11/08 16:07:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2016/11/08 16:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2016/11/08 16:07:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2016/11/08 16:07:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2016/11/08 16:07:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2016/11/08 16:07:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2016/11/08 16:07:19 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2016/11/08 16:07:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2016/11/08 16:07:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2016/11/08 16:07:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2016/11/08 16:07:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2016/11/08 16:07:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2016/11/08 16:07:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2016/11/08 16:07:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2016/11/08 16:07:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2016/11/08 16:07:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2016/11/08 16:07:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2016/11/08 16:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2016/11/08 16:07:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2016/11/08 16:07:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2016/11/08 16:06:44 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2016/11/06 20:46:18 | 000,191,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2016/11/06 20:46:18 | 000,191,040 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2016/11/06 20:46:18 | 000,097,856 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2016/11/06 20:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/11/06 20:43:26 | 000,110,144 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2016/11/06 20:39:39 | 000,000,000 | ---D | C] -- C:\Users\caty\AppData\Roaming\Sun
[2016/11/06 20:10:55 | 000,000,000 | -HSD | C] -- C:\found.002
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\caty\Desktop\*.tmp files -> C:\Users\caty\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/11/30 00:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\caty\Desktop\OTL.exe
[2016/11/29 23:56:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/11/29 23:46:00 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/11/29 23:46:00 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/11/29 23:42:13 | 000,075,820 | ---- | M] () -- C:\Users\caty\Desktop\sdsdss.JPG
[2016/11/29 23:39:00 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/11/29 23:33:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/11/29 23:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/11/29 23:32:38 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2016/11/29 23:31:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001UA.job
[2016/11/29 23:29:37 | 000,046,580 | ---- | M] () -- C:\Users\caty\Desktop\k.JPG
[2016/11/29 23:23:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/11/29 15:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2814596201-296319993-4142043406-1001Core.job
[2016/11/28 20:53:40 | 001,631,928 | ---- | M] (Malwarebytes) -- C:\Users\caty\Desktop\JRT.exe
[2016/11/28 20:52:48 | 003,910,208 | ---- | M] () -- C:\Users\caty\Desktop\adwcleaner_6.030.exe
[2016/11/28 20:05:59 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/11/28 18:57:34 | 002,411,520 | ---- | M] (Farbar) -- C:\Users\caty\Desktop\FRST64(1).exe
[2016/11/28 16:14:51 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2016/11/20 21:08:51 | 001,926,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/11/20 21:08:51 | 000,563,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/11/20 21:08:51 | 000,006,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/11/09 17:33:58 | 617,004,290 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2016/11/09 12:17:35 | 004,888,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2016/11/08 09:56:10 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/11/08 09:56:10 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016/11/06 20:42:51 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2016/11/06 20:42:47 | 000,318,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2016/11/06 20:42:47 | 000,206,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2016/11/06 20:42:46 | 000,206,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2016/11/06 20:38:12 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2016/11/06 20:38:10 | 000,269,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2016/11/06 20:38:10 | 000,191,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2016/11/06 20:38:10 | 000,191,040 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2016/11/02 08:36:15 | 000,382,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2016/11/02 08:32:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2016/11/02 08:32:05 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2016/11/02 08:32:03 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2016/11/02 08:32:01 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2016/11/02 08:22:36 | 000,308,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2016/11/02 08:16:15 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2016/11/02 07:53:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\caty\Desktop\*.tmp files -> C:\Users\caty\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/11/29 23:42:13 | 000,075,820 | ---- | C] () -- C:\Users\caty\Desktop\sdsdss.JPG
[2016/11/29 23:29:36 | 000,046,580 | ---- | C] () -- C:\Users\caty\Desktop\k.JPG
[2016/11/28 20:52:23 | 003,910,208 | ---- | C] () -- C:\Users\caty\Desktop\adwcleaner_6.030.exe
[2016/11/28 20:05:59 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016/11/28 16:14:50 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2016/07/09 00:28:17 | 000,000,132 | ---- | C] () -- C:\Users\caty\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2016/07/08 02:38:13 | 000,000,132 | ---- | C] () -- C:\Users\caty\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/09/23 23:22:39 | 000,016,896 | ---- | C] () -- C:\Users\caty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 08:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 08:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 7:51 am

more_horiz
OTL Extras logfile created on: 11/30/2016 12:06:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\caty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.20% Memory free
7.60 Gb Paging File | 5.70 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 202.27 Gb Free Space | 44.85% Space Free | Partition Type: NTFS
 
Computer Name: CATY-PC | User Name: caty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1 -- [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5687D1-1889-4F4B-BE3F-A0098B15F561}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D9D337C-2F03-404A-879D-A8793BB4DA23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1F43A5D0-0B18-4BCE-919A-679FA0BFBA8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F5FCD69-3696-4EBA-813C-A45A4EB367EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37CEEB77-523E-4ACD-B500-7F0005E70399}" = rport=139 | protocol=6 | dir=out | app=system |
"{421A0DFF-87FC-4D49-A689-EFC29DDCCF67}" = lport=445 | protocol=6 | dir=in | app=system |
"{454D9739-0E77-42A9-A746-5AD1C451AE1F}" = rport=137 | protocol=17 | dir=out | app=system |
"{4D987764-0387-45C6-A975-AB9445738148}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E8C4129-6483-4E10-B277-FAEB36FF6614}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{544426FC-3746-4ABB-B208-18941F117B49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DD61711-B0AC-4087-8265-0A682D06BC09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77EADD1C-1D62-434E-835F-E2B237EAE414}" = lport=139 | protocol=6 | dir=in | app=system |
"{7871A432-AFA7-49E7-87CB-A02D52045ADB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AC02351-52D3-4309-84D0-585599531D6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{858DE3F6-4FCD-45D8-AA6B-4FB80E541905}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8682920C-48F7-4AC4-9726-98BDDA4EA36E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2EA0086-7C12-4269-9D3C-446B8652A897}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC806A6B-DC7F-4FC9-8832-5EE67CF814F0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AEA22F82-21B0-480E-A028-A2646FBFCBFA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B04F5CD6-489A-4DE6-A810-11F8697A2316}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B09A219D-BFB8-41AD-BF00-6D44E6D64984}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B4588D7A-D032-494F-A7A7-5C23EE71C5CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{BCE0FA59-CAD5-4872-B653-C879460183DA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2916018-C0E0-4B25-841B-8447ADBA5654}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC084553-B4E3-4814-B971-EAA09E8CA4B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD1630E1-B2B2-4069-ABE7-35F47595FBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E64B6FDF-A22A-4334-B053-36217FB79714}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF3BFABC-BA78-421F-AF83-8427954F0DF8}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F08B27-AE7B-44B9-891D-B8C55C32CDB0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{11D27CD3-455F-4592-805B-133C156272CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CA805A4-2793-4BAC-B9BC-EDF5DFD0A642}" = protocol=6 | dir=out | app=system |
"{1F1B7B70-394F-4171-BF61-BEBE6D65C42C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{20FA4CEC-6481-4056-AF8E-620AA8C0D022}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26C4A821-4420-4D9A-9715-CC535D605872}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{26CD4913-537C-46BA-889D-98C9BD3D19A8}" = dir=in | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe |
"{27248657-4DD0-476A-84FD-27153F03C622}" = dir=in | app=%programfiles% (x86)\image-line\fl studio 11\fl.exe |
"{282BC3B1-5127-42DC-B203-16D24F5538F8}" = dir=in | app=%programfiles%\adobe\adobe audition cc 2015\adobe audition cc.exe |
"{2D669E64-F683-47A6-9822-4AFD83DE6491}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3085E89B-D769-44B2-B803-82E2C16F0721}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{34254F5A-708B-4382-8E29-682CE5BDCA94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35D6F3F6-3F00-4298-8091-7860E50EC265}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B25BB22-7814-4AA4-AA3A-501B2626F4E6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E48B98B-E273-4A76-B07A-D22D419DF004}" = protocol=17 | dir=in | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{45AF79D2-253D-41C2-985E-C5C10DFF3565}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{509E1607-3AC8-4F73-BC18-BA62E126CF7F}" = dir=in | app=%programfiles%\adobe\adobe photoshop cc 2015\photoshop.exe |
"{57889C0B-BB44-4006-90E8-C9865E6C869E}" = dir=out | app=%programfiles% (x86)\image-line\fl studio 11\fl64.exe |
"{5FFA7C16-2F0B-415B-8D3E-023774A24ADD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6004459F-5CEE-44B7-ADA3-C5358D51891C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62679865-00DD-46F3-8B54-B313C1625701}" = dir=out | app=%programfiles% (x86)\image-line\fl studio 11\fl (compatible memory).exe |
"{63EF4C80-BE8B-45DC-97CA-4267419C7666}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{640C0704-5BB7-4B26-A1D5-07857DB68143}" = dir=in | app=%programfiles%\adobe\adobe audition cc 2015\adobe audition cc.exe |
"{6734FBDC-9F30-41A2-B2BA-3EB1C9072178}" = dir=in | app=%programfiles% (x86)\image-line\fl studio 11\fl64.exe |
"{680A24AA-367C-43BB-87B0-8435F637448A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6D5B9411-A376-49A1-8BD1-4DA6E5421EFE}" = protocol=6 | dir=in | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{769DB29E-5371-4D5F-B7E8-9F544F4DD676}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7D249D8E-EBBA-4EE8-8978-5D6962CDE55D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A9EBE1A-CE5E-4CC1-8DF7-E735A2518F6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CDAB31B-7429-48B0-B657-DC119B05FD51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{938676B6-8C0D-43EB-992B-357DA8414567}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{965A95EB-6655-46DA-A65C-FC763DA5493B}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |
"{96E1CECD-E063-4BB6-AFB9-B08D59F1A017}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9F144CEC-B45D-4205-B1A6-6D370FF199ED}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A250B589-95E5-441F-9888-782DE828953F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2A40DD1-FA04-48D2-BCCF-4BAAFE586D99}" = dir=in | app=%programfiles% (x86)\image-line\fl studio 11\fl (compatible memory).exe |
"{A70D6AD1-37C3-41C8-9F80-48CE5E0E9E5E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AE27D3BB-8209-4F64-B811-CDDED0ED1036}" = protocol=17 | dir=in | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{BE35C397-3147-4513-A26C-D857A3EB0646}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C38A12B1-A3FA-4B60-9691-43A91C4104B8}" = dir=out | app=%programfiles%\adobe\adobe audition cc 2015\adobe audition cc.exe |
"{CA4AACFF-D1F0-47F3-88A9-E33C9A7291AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CCE02CD6-657D-4876-83F6-94B5906262CC}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CD65333C-4F5E-4A99-A637-B52CD45FD6C3}" = dir=out | app=%programfiles%\adobe\adobe photoshop cc 2015\photoshop.exe |
"{CDC99068-B7BD-4842-BBBB-35809FFF71B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE1DCC4B-B8D8-4F65-9261-681F181EEB51}" = dir=out | app=%programfiles% (x86)\image-line\fl studio 11\fl.exe |
"{CEC33B13-93F8-4CBD-A8C4-C206D96992BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DBBA7BF1-21A4-4E9D-9400-3DC191FA48EB}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{DE88352C-06D6-4565-88E4-B97A6FD8384C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E1C406B0-7038-4F92-B493-C750E5C5A2CB}" = protocol=6 | dir=in | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{E3F3EFDE-C709-47D8-9C02-B9C0ECF310C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6A335F7-D544-4467-A2D1-E101C303251E}" = dir=out | app=%programfiles%\adobe\adobe photoshop cs6 (64 bit)\photoshop.exe |
"{E6D08E93-B515-4AEF-BE08-D799BB8745BD}" = protocol=6 | dir=out | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{EA07A26A-2EBB-433F-B9E8-E57EDC89A545}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0125E21-6F54-42F2-A1E2-85253E4B8250}" = protocol=17 | dir=out | app=c:\users\caty\appdata\roaming\utorrent\utorrent.exe |
"{F513A799-CBB6-4D68-8807-F8FA0C37139B}" = dir=out | app=%programfiles%\adobe\adobe audition cc 2015\adobe audition cc.exe |
"{F926996A-F6D5-4A30-BEB1-499A5038B1B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FB8B10F6-946D-4470-BD88-2BBB48FDF2BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD80E8F0-E9B6-4668-8434-2446D965A315}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{B52DD5BF-AD4D-47CD-BCB8-028258A22A06}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{BE5D058F-C33E-45D4-A56E-19188E6191E8}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F64180111F0}" = Java 8 Update 111 (64-bit)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"DW WLAN Card" = DW WLAN Card
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"FL Studio 12.1.2_is1" = FL Studio 12.1.2
"FL Studio ASIO" = FL Studio ASIO
"Gramblr" = Gramblr
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839A3566-AED6-4787-A849-5CBE2B1DC6AE}" = Adobe Audition CC 2015
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9B579C2-D854-300A-BE62-A09EB9D722E4}" = Google Talk Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ASIO4ALL" = ASIO4ALL
"BlueStacks" = BlueStacks App Player
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"Gramblr" = Gramblr
"IL Download Manager" = IL Download Manager
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.1.1043
"Mozilla Firefox 50.0.1 (x86 en-US)" = Mozilla Firefox 50.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/30/2016 2:28:23 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 2:34:55 AM | Computer Name = caty-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=B88} The Application Virtualization Client could not connect to
 stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7176.5000.sft'
 (rc 00000729-00000026, original rc 00000729-00000026).
 
Error - 11/30/2016 2:34:56 AM | Computer Name = caty-PC | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
Error - 11/30/2016 2:36:50 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 2:38:46 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 2:38:46 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 2:52:15 AM | Computer Name = caty-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. The file 'C:\Users\caty\AppData\local\\softthinks\scheduler.xml'
 already exists.    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)

   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean
 overwrite)     at System.IO.File.Copy(String sourceFileName, String destFileName)

   at Toaster.SchedulerReader.read()     at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()

   at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder()     at Toaster.Helper.CheckReminders(ObservableCollection`1
 notificationHelpers)     at Toaster.MainWindowViewModel.NotificationsTimerTick(Object
 sender, EventArgs e)     at System.Windows.Threading.DispatcherTimer.FireTick(Object
 unused)     at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
 
Error - 11/30/2016 3:05:13 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 3:15:12 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
Error - 11/30/2016 3:16:06 AM | Computer Name = caty-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Failed to add certificate to Third-Party Root Certification Authorities
 store with error: Access is denied.  
 
[ Dell Events ]
Error - 2/18/2013 6:32:33 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/25/2013 9:31:24 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/25/2013 9:31:24 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/13/2013 5:07:40 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/13/2013 5:07:40 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/20/2013 5:16:18 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/20/2013 5:16:18 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/27/2013 5:18:58 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/27/2013 5:18:58 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 3/27/2013 6:05:09 PM | Computer Name = caty-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 11/30/2016 2:27:43 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Management & Security Application User Notification Service
 service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 11/30/2016 2:27:43 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (DellSupportCenter) service terminated
 unexpectedly.  It has done this 1 time(s).
 
Error - 11/30/2016 2:27:43 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 0 milliseconds: Restart the service.
 
Error - 11/30/2016 2:28:11 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Search service, but
 this action failed with the following error:   %%1056
 
Error - 11/30/2016 2:30:04 AM | Computer Name = caty-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\bcmihvsrv64.dll

 
Error - 11/30/2016 2:30:59 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the AVP service.
 
Error - 11/30/2016 2:33:33 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
 error:   %%2
 
Error - 11/30/2016 2:34:15 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the BlueStacks
 Log Rotator Service service to connect.
 
Error - 11/30/2016 2:34:15 AM | Computer Name = caty-PC | Source = Service Control Manager | ID = 7000
Description = The BlueStacks Log Rotator Service service failed to start due to
the following error:   %%1053
 
Error - 11/30/2016 2:39:08 AM | Computer Name = caty-PC | Source = WMPNetworkSvc | ID = 866297
Description =
 
 
< End of report >

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 8:35 am

more_horiz
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 8:43 am

more_horiz
[INACTIVE] second-hand dell inspiron n4010 Jkjhk10

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 8:48 am

more_horiz
It is slow at start up, java and firefox ask to update frequently and there is an occasional hang for an unresponsive script warning browsing with firefox. That has been all that i've experienced thus far.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 8:54 am

more_horiz
I see that multiple svchost.exe are running in the Task Manager. However, I do also notice that none of them are hogging the processor or the RAM, so it does appear normal to me.

Let us run another round of tools (I'm not tool happy, I promise Cheesy Grin (sparkly ) These tools are able to diagnose hidden technical issues in Windows that may be able to see what the deal is with startup. Smile...

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • Lst Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.



Please download Farbar Service Scanner and run it on the computer with the issue.
    Check "Include All Files" option.
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.



Please post logs from MiniToolbox and FSS in your next reply.

(I will be back tomorrow afternoon, as I've reached the end of my workday)  [INACTIVE] second-hand dell inspiron n4010 1f632

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 11:01 am

more_horiz
MiniToolBox by Farbar  Version: 17-06-2016
Ran by caty (administrator) on 30-11-2016 at 04:00:04
Running from "C:\Users\caty\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Inspiron N4010 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : caty-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 1C-65-9D-51-F2-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
   Physical Address. . . . . . . . . : 02-50-F2-00-00-01
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain
   Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : 1C-65-9D-51-F2-F2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f9b7:a639:17da:9034%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 29, 2016 11:33:42 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 4:33:43 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 219964829
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-20-00-A5-F0-4D-A2-4B-92-D6
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.3.25
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : H-DL.TEST
   Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : F0-4D-A2-4B-92-D6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain:

   Connection-specific DNS Suffix  . : domain
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.0.8%21(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       205.171.3.25
                                       205.171.2.25
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{29B74E06-3ED7-4B8F-B259-2B883283706B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.H-DL.TEST:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9A6157AE-242D-4652-8E4B-FFD3FB3A3661}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  modem.domain
Address:  192.168.0.1

Name:    google.com
Addresses:  2607:f8b0:4007:80a::200e
      216.58.216.46


Pinging google.com [216.58.216.46] with 32 bytes of data:
Reply from 216.58.216.46: bytes=32 time=36ms TTL=56
Reply from 216.58.216.46: bytes=32 time=36ms TTL=56

Ping statistics for 216.58.216.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms
Server:  modem.domain
Address:  192.168.0.1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=68ms TTL=52
Reply from 206.190.36.45: bytes=32 time=68ms TTL=52

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 68ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...1c 65 9d 51 f2 f2 ......Microsoft Virtual WiFi Miniport Adapter
 13...02 50 f2 00 00 01 ......Broadcom Virtual Wireless Adapter
 11...1c 65 9d 51 f2 f2 ......DW1501 Wireless-N WLAN Half-Mini Card
 10...f0 4d a2 4b 92 d6 ......Atheros AR8152 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.8    281
      192.168.0.8  255.255.255.255         On-link       192.168.0.8    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.8    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 21    286 fe80::5efe:192.168.0.8/128
                                    On-link
 11    281 fe80::f9b7:a639:17da:9034/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/30/2016 03:59:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:58:47 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:43:05 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:42:34 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:10:01 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:09:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:07:18 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/30/2016 03:05:10 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (11/30/2016 03:28:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition.

Error: (11/29/2016 11:39:08 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (11/29/2016 11:34:15 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (11/29/2016 11:34:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.

Error: (11/29/2016 11:33:33 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (11/29/2016 11:30:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP service.

Error: (11/29/2016 11:30:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (11/29/2016 11:28:11 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (11/29/2016 11:27:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/29/2016 11:27:43 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/30/2016 03:59:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:58:47 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:43:05 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:42:34 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:10:01 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:59 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:17 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:09:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:07:18 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Access is denied.

Error: (11/30/2016 03:05:10 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Click-to-Run 2010Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition1603(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-02-19 20:53:05.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:05.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:02.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:53:00.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.213
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:58.011
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 20:52:55.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 3892.52 MB
Available physical RAM: 1348.71 MB
Total Virtual: 7783.23 MB
Available Virtual: 4359.23 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:206.53 GB) NTFS

========================= Users: ========================================

User accounts for \\CATY-PC

Administrator            caty                     Guest                   


**** End of log ****

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 11:05 am

more_horiz
Farbar Service Scanner Version: 27-01-2016
Ran by caty (administrator) on 30-11-2016 at 04:04:12
Running from "C:\Users\caty\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 11:07 am

more_horiz
😴 ttyl

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401030th November 2016, 5:29 pm

more_horiz
Okay, there are many issues with security permissions, errors in Windows, and other problems... Let's do the following, please:

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on [INACTIVE] second-hand dell inspiron n4010 QfBzvq1 and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
[INACTIVE] second-hand dell inspiron n4010 2f8o60N

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.
[INACTIVE] second-hand dell inspiron n4010 Ymy7crZ

- Go to Step 4, then click Do It.
[INACTIVE] second-hand dell inspiron n4010 ZDtdN75

- Go to Step 5. Under System Restore click Create.
[INACTIVE] second-hand dell inspiron n4010 F7lEe1N

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.
[INACTIVE] second-hand dell inspiron n4010 PGv2vtD

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401012th December 2016, 2:44 am

more_horiz
Still Need Help: Hello again,

Do you still need help? Please let us know how your computer is running and if you want to continue in this topic. This notice serves that it will be closed within a week of no replies.

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n401019th December 2016, 1:34 am

more_horiz
[adm]This topic is now closed. You may open a new topic if you need help in the future. Thanks for choosing to use our service![/adm]

description[INACTIVE] second-hand dell inspiron n4010 EmptyRe: [INACTIVE] second-hand dell inspiron n4010

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum