TikiCarol

Was able to run in safe mode. Files attached. FRST.txt Addition.txt Malwarebytes.txt

Was able to open the download folder but can not install FRST64.exe to scan and post reports. The courser just spins Please help.

The Remote Procedure Call Failed and Did Not Execute - errors and Internet Exp. and Firefox browsers no longer run. Just Chrome. Also I can get into safe mode to roll back but not safe mode with networking.

OK, Thanks very much. I'll be dropping by paypal to give you a lil somethin somethin.

Files attached. As a side note I noticed brief flash(s) while going from site to site this morning. Monitor is 5+ years old but no probles other than site to site. Just mentioning this in case you may think some of this is monitor related. I do not know. Addition.txt FRST.txt

Problems with browsing are solved but computer still running slow(er) than before June 4th.

Log Name: Application Source: Microsoft-Windows-Wininit Date: 6/6/2015 6:21:14 PM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: User1-PC Description: Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 292864 file records processed. File verification completed. 1795 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 352912 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 292864 file SDs/SIDs processed. Cleaning up 279 unused index entries from index $SII of file 0x9. Cleaning up 279 unused index entries from index $SDH of file 0x9. Cleaning up 279 unused security descriptors. Security descriptor verification completed. 30025 data files processed. CHKDSK is verifying Usn Journal... 34805496 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 292848 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 199967973 free clusters processed. Free space verification is complete. Windows has checked the file system and found no problems. 976657407 KB total disk space. 176256792 KB in 153576 files. 103920 KB in 30026 indexes. 0 KB in bad sectors. 424803 KB in use by the system. 65536 KB occupied by the log file. 799871892 KB available on disk. 4096 bytes in each allocation unit. 244164351 total allocation units on disk. 199967973 allocation units available on disk. Internal Info: 00 78 04 00 3e cd 02 00 18 3e 05 00 00 00 00 00 .x..>....>...... 93 07 00 00 44 00 00 00 00 00 00 00 00 00 00 00 ....D........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-06-06T22:21:14.000000000Z" /> <EventRecordID>68307</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>User1-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 292864 file records processed. File verification completed. 1795 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 352912 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 292864 file SDs/SIDs processed. Cleaning up 279 unused index entries from index $SII of file 0x9. Cleaning up 279 unused index entries from index $SDH of file 0x9. Cleaning up 279 unused security descriptors. Security descriptor verification completed. 30025 data files processed. CHKDSK is verifying Usn Journal... 34805496 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 292848 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 199967973 free clusters processed. Free space verification is complete. Windows has checked the file system and found no problems. 976657407 KB total disk space. 176256792 KB in 153576 files. 103920 KB in 30026 indexes. 0 KB in bad sectors. 424803 KB in use by the system. 65536 KB occupied by the log file. 799871892 KB available on disk. 4096 bytes in each allocation unit. 244164351 total allocation units on disk. 199967973 allocation units available on disk. Internal Info: 00 78 04 00 3e cd 02 00 18 3e 05 00 00 00 00 00 .x..>....>...... 93 07 00 00 44 00 00 00 00 00 00 00 00 00 00 00 ....D........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event>

Now I have added problems: - Going from site to site the screen goes white(er) or light (?) with the web page I'm on fading. - Cursor changes to a clock type icon and spins when I try to go from page to page while above happens. - Takes longer for pages to load (lag?) - Had to request password reset on one site so far (gocomics was the site). Did not request any other password resets yet but they are all asking for re-log in when visited.

Files attached. AdwCleanerS0.txt Fixlog.txt

Files Attached Addition.txt FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by User1 (administrator) on USER1-PC on 05-06-2015 13:21:39 Running from C:\Users\User1\Downloads Loaded Profiles: User1 & UpdatusUser (Available Profiles: User1 & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Spotify Ltd) C:\Users\User1\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Curse) C:\Users\User1\AppData\Local\Apps\2.0\KCWBV7HE.218\XV82A937.8W2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1811926671-1166010024-57519386-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6886752 2015-01-07] (Binary Fortress Software) HKU\S-1-5-21-1811926671-1166010024-57519386-1000\...\Run: [spotify Web Helper] => C:\Users\User1\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-18] (Spotify Ltd) HKU\S-1-5-21-1811926671-1166010024-57519386-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File not found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File not found Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-05-22] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1811926671-1166010024-57519386-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1811926671-1166010024-57519386-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage SearchScopes: HKU\S-1-5-21-1811926671-1166010024-57519386-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Bing FF SelectedSearchEngine: Google FF Homepage: hxxp://www.foxnews.com/ FF Keyword.URL: hxxp://www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-21] () FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-21] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF Plugin HKU\S-1-5-21-1811926671-1166010024-57519386-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\searchplugins\bing-.xml [2015-04-10] FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\searchplugins\google-default.xml [2015-03-11] FF Extension: Bing Search - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\bingsearch.full@microsoft.com [2015-04-10] FF Extension: BlackFox V2 - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\zigboom@hotmail.com [2015-05-03] FF Extension: Bloody Red - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2013-09-04] FF Extension: Flash and Video Download - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-05-28] FF Extension: Reddit Enhancement Suite - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-09-04] FF Extension: NASA Night Launch - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\nasanightlaunch@example.com.xpi [2015-03-10] FF Extension: ShadGlo Library Toolbar Skin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{0a6525b8-7c08-451e-b443-970c9bc2f246}.xpi [2015-03-10] FF Extension: Black Skin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{2aa024bd-65c3-4256-8343-d32e1047acff}.xpi [2015-03-10] FF Extension: Download YouTube Videos as MP4 - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-04-30] FF Extension: Adblock Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\a0r3d5ft.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-01] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-09-01] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-09-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-01] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-11-07] (Advanced Micro Devices, Inc.) [File not signed] S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3169648 2015-01-07] (Binary Fortress Software) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-05-25] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.) S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.) S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.) S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2013-09-01] (C-Media Inc) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-05] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 13:21 - 2015-06-05 13:22 - 00019523 _____ C:\Users\User1\Downloads\FRST.txt 2015-06-05 13:20 - 2015-06-05 13:20 - 02108928 _____ (Farbar) C:\Users\User1\Downloads\FRST64.exe 2015-06-05 10:56 - 2015-06-05 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2015-06-01 12:20 - 2015-06-01 12:20 - 00000000 ____D C:\Users\User1\AppData\Local\GWX 2015-05-27 22:06 - 2015-05-27 22:06 - 00001159 _____ C:\Users\User1\Desktop\Mozilla Firefox.lnk 2015-05-26 19:52 - 2015-05-26 19:55 - 116850676 _____ C:\Users\User1\Downloads\The Sugar Hill Gang - Rapper's Delight ( HQ, Full Version ).mp4 2015-05-24 20:31 - 2015-05-24 20:35 - 153091664 _____ C:\Users\User1\Downloads\Steven Universe Temple Pilot Version Part 4.mp4 2015-05-23 22:37 - 2015-05-23 22:38 - 42096984 _____ (Apple Inc.) C:\Users\User1\Downloads\QuickTimeInstaller.exe 2015-05-23 21:14 - 2015-05-23 21:26 - 391135775 _____ C:\Users\User1\Downloads\Steven Universe Temple Pilot Version Part 3.mp4 2015-05-23 14:17 - 2015-05-23 14:17 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-05-23 14:17 - 2015-05-23 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-23 14:14 - 2015-05-23 14:17 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-05-23 14:14 - 2015-05-23 14:17 - 00000000 ____D C:\Program Files\iTunes 2015-05-23 14:14 - 2015-05-23 14:14 - 00000000 ____D C:\Program Files\iPod 2015-05-23 14:14 - 2015-05-23 14:14 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-05-23 13:56 - 2015-05-23 14:00 - 152362800 _____ (Apple Inc.) C:\Users\User1\Downloads\iTunes6464Setup.exe 2015-05-22 15:01 - 2015-05-22 15:46 - 00000000 ____D C:\Users\User1\Downloads\ebay 2015-05-19 11:37 - 2015-05-19 11:37 - 00003424 _____ C:\Windows\System32\Tasks\RealDownloader Update Check 2015-05-19 11:37 - 2015-05-19 11:37 - 00003162 _____ C:\Windows\System32\Tasks\RealCreateProcessScheduledTask5441611S-1-5-21-1811926671-1166010024-57519386-1000 2015-05-19 11:37 - 2015-05-19 11:37 - 00000000 ____D C:\Users\User1\AppData\Local\Real 2015-05-19 11:36 - 2015-05-19 11:36 - 00000000 ____D C:\Users\User1\AppData\Local\CrashRpt 2015-05-19 11:34 - 2015-05-19 15:14 - 00000000 ____D C:\Program Files (x86)\Real 2015-05-19 11:33 - 2015-05-19 15:13 - 00000000 ____D C:\Users\User1\AppData\Roaming\Real 2015-05-19 11:30 - 2015-05-19 15:13 - 00000000 ____D C:\ProgramData\Real 2015-05-18 23:14 - 2015-05-23 11:05 - 00000000 ____D C:\Users\User1\AppData\Local\Spotify 2015-05-18 23:14 - 2015-05-18 23:14 - 00001767 _____ C:\Users\User1\Desktop\Spotify.lnk 2015-05-18 23:14 - 2015-05-18 23:14 - 00001753 _____ C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-05-18 23:12 - 2015-05-23 11:04 - 00000000 ____D C:\Users\User1\AppData\Roaming\Spotify 2015-05-17 18:01 - 2015-05-17 18:10 - 254770981 _____ C:\Users\User1\Downloads\▶ Yma Sumac - The Ultimate Collection (COMPLETO) - YouTube [720p].mp4 2015-05-17 17:55 - 2015-05-17 17:56 - 12822260 _____ C:\Users\User1\Downloads\Towa Tei - Luv Connection.mp4 2015-05-17 17:31 - 2015-05-17 17:32 - 47142785 _____ C:\Users\User1\Downloads\Cool Dub Music Dubnova (Part1_2) (TOWA TEI).mp4 2015-05-17 17:27 - 2015-05-17 17:27 - 05118359 _____ C:\Users\User1\Downloads\Towa Tei - La Douce Vie.mp4 2015-05-17 17:20 - 2015-05-17 17:20 - 13826164 _____ C:\Users\User1\Downloads\Towa Tei - Son of Bambi (Walk Tuff).mp4 2015-05-16 19:08 - 2015-05-16 19:08 - 00002934 _____ C:\Windows\System32\Tasks\{1B6F46F5-3106-4FEF-B82D-4ECF36E223D2} 2015-05-16 18:42 - 2015-05-16 19:13 - 00000000 ____D C:\Users\User1\AppData\Roaming\OBS 2015-05-16 18:40 - 2015-05-16 18:40 - 00000935 _____ C:\Users\User1\Desktop\Open Broadcaster Software.lnk 2015-05-16 18:40 - 2015-05-16 18:40 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2015-05-16 18:40 - 2015-05-16 18:40 - 00000000 ____D C:\Program Files\OBS 2015-05-16 18:39 - 2015-05-16 18:40 - 00000000 ____D C:\Program Files (x86)\OBS 2015-05-14 19:15 - 2015-06-05 10:51 - 00007112 _____ C:\Windows\setupact.log 2015-05-14 19:15 - 2015-05-14 19:15 - 00000000 _____ C:\Windows\setuperr.log 2015-05-13 09:18 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 09:18 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 09:18 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 09:18 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 09:18 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 09:18 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 09:18 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 09:18 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 09:18 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 09:18 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 09:18 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 09:18 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 09:18 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 09:18 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 09:18 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 09:18 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 09:18 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 09:18 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 09:18 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 09:18 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 09:18 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 09:18 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 09:18 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 09:18 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 09:18 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 09:18 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 09:18 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 09:18 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 09:18 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 09:18 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 09:18 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 09:18 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 09:18 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 09:18 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 09:18 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 09:18 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 09:18 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 09:18 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 09:18 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 09:18 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 09:18 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 09:18 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 09:18 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 09:18 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 09:18 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 09:18 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 09:18 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 09:18 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 09:18 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 09:18 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 09:18 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 09:18 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 09:18 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 09:18 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 09:18 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 09:18 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 09:18 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 09:18 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 09:18 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 09:18 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 09:00 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 09:00 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 09:00 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 09:00 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 08:55 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 08:55 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 08:55 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 08:55 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 08:55 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 08:55 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 08:55 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 08:55 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 08:55 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 08:55 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 08:55 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 08:55 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 08:55 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 08:55 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 08:55 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 08:55 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 08:55 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 08:55 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 08:55 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 08:55 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 08:55 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 08:55 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 08:55 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 08:55 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 08:55 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 08:55 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 08:55 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 08:55 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 08:55 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 08:55 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 08:55 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 08:55 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 08:55 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 08:55 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 08:54 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 08:54 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 08:54 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 08:54 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 08:54 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 08:54 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 08:54 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 08:53 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 08:53 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-13 08:51 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 08:51 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 08:08 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 08:08 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 08:07 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 08:07 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 08:07 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 08:07 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 08:07 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 08:07 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 08:07 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 23:50 - 2015-05-12 23:50 - 00001236 _____ C:\Users\Public\Desktop\World of Warcraft.lnk 2015-05-12 23:50 - 2015-05-12 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft 2015-05-12 23:39 - 2015-05-12 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-05-12 23:29 - 2015-05-13 21:43 - 00000000 ____D C:\Users\User1\Documents\MoviePlus X5 2015-05-12 23:28 - 2015-05-12 23:28 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif MoviePlus X5.lnk 2015-05-12 23:28 - 2015-05-12 23:28 - 00002134 _____ C:\Users\Public\Desktop\Serif MoviePlus X5.lnk 2015-05-12 22:53 - 2015-05-12 22:53 - 00000000 ____D C:\Users\User1\AppData\Local\Wondershare 2015-05-12 22:53 - 2015-05-12 22:53 - 00000000 ____D C:\ProgramData\Wondershare 2015-05-12 22:52 - 2015-05-12 22:52 - 00000000 ____D C:\ProgramData\Wondershare Video Editor 2015-05-12 22:51 - 2015-05-12 22:53 - 00000000 ____D C:\Users\User1\Documents\Wondershare Video Editor 2015-05-12 22:51 - 2015-02-27 11:33 - 02140712 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.004 2015-05-12 22:51 - 2015-02-27 11:33 - 00531496 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpeg2mux.ax 2015-05-12 22:51 - 2015-02-27 11:33 - 00375848 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcm2ve.ax 2015-05-12 22:51 - 2015-02-27 11:33 - 00257064 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcl2ae.ax 2015-05-12 22:51 - 2015-02-27 11:33 - 00244776 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgaout.dll 2015-05-12 22:51 - 2015-02-27 11:33 - 00020520 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.dll 2015-05-12 22:47 - 2015-05-12 22:51 - 00000000 ____D C:\Users\Public\Documents\Wondershare 2015-05-12 22:37 - 2015-05-12 22:37 - 00000318 _____ C:\Users\User1\Desktop\Curse Client.appref-ms 2015-05-12 22:37 - 2015-05-12 22:37 - 00000000 ____D C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 13:21 - 2015-04-07 12:35 - 00000000 ____D C:\FRST 2015-06-05 13:16 - 2015-04-03 16:43 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-05 12:52 - 2013-09-02 11:21 - 00000000 ____D C:\Users\User1\AppData\Local\Deployment 2015-06-05 12:52 - 2013-08-31 15:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-05 12:33 - 2015-03-03 00:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-05 12:25 - 2009-07-14 01:13 - 00782290 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-05 10:59 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-05 10:59 - 2009-07-14 00:45 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-05 10:54 - 2013-07-20 11:07 - 02042476 _____ C:\Windows\WindowsUpdate.log 2015-06-05 10:51 - 2015-03-03 00:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-05 10:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-05 10:36 - 2013-07-20 11:40 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{907F79C1-867B-4A3A-B570-D2426671F3C2} 2015-06-04 22:54 - 2014-04-15 13:47 - 00000000 ____D C:\Users\User1\AppData\Local\Battle.net 2015-06-04 15:08 - 2015-02-18 14:49 - 00003738 _____ C:\Users\User1\Desktop\key words.txt 2015-06-04 14:01 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-06-02 13:24 - 2014-04-15 13:47 - 00000000 ____D C:\Program Files (x86)\Battle.net 2015-06-02 11:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-01 15:04 - 2013-09-01 18:14 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-06-01 15:04 - 2013-07-27 10:32 - 00325376 _____ C:\Windows\PFRO.log 2015-05-31 14:57 - 2014-11-21 10:57 - 00000000 ____D C:\Users\User1\AppData\Local\DisplayFusion 2015-05-27 17:10 - 2015-04-10 19:57 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-24 14:13 - 2009-07-14 01:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-23 22:34 - 2013-09-02 12:50 - 00000000 ____D C:\ProgramData\Apple Computer 2015-05-23 14:14 - 2013-09-02 12:49 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-05-22 14:07 - 2015-03-26 10:37 - 00000000 ____D C:\Users\User1\AppData\Local\Windows Live 2015-05-21 07:54 - 2014-09-06 14:43 - 00000000 ____D C:\Users\User1\AppData\Local\Adobe 2015-05-21 07:53 - 2013-08-31 15:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-21 07:53 - 2013-08-31 15:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-21 07:53 - 2013-08-31 15:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-19 22:37 - 2015-04-04 07:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-19 22:37 - 2015-04-04 07:06 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-19 19:15 - 2013-09-02 12:52 - 00000000 ____D C:\Users\User1\AppData\Local\Apple Computer 2015-05-19 15:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Globalization 2015-05-14 22:28 - 2015-03-03 00:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-14 22:28 - 2015-03-03 00:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-13 21:11 - 2013-08-31 14:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2015-05-13 15:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2015-05-13 10:59 - 2013-09-14 02:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 10:59 - 2013-09-14 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 10:59 - 2009-07-14 00:45 - 00384160 _____ C:\Windows\system32\FNTCACHE.DAT 2015-05-13 10:56 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-13 10:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-13 10:46 - 2013-08-31 15:12 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 10:40 - 2013-07-20 14:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 10:36 - 2013-09-14 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 23:29 - 2013-11-16 17:54 - 00000000 ____D C:\Users\User1\AppData\Local\Serif 2015-05-12 23:27 - 2013-11-16 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications 2015-05-12 23:27 - 2013-11-16 17:36 - 00000000 ____D C:\Program Files (x86)\Serif 2015-05-12 22:53 - 2013-07-20 11:51 - 00114112 _____ C:\Users\User1\AppData\Local\GDIPFONTCACHEV1.DAT ==================== Files in the root of some directories ======= 2014-10-17 07:58 - 2014-12-02 09:58 - 0000001 _____ () C:\Users\User1\AppData\Local\DSI.DAT 2014-09-29 15:01 - 2014-09-29 15:48 - 0007599 _____ () C:\Users\User1\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 11:22 ==================== End of log ============================

Computer now runs slow. Malwarebytes show no current infection. When I ran it late last week it show'd 8 infections (if I remember correctly; may have been more). This morning this computer is running super slow. Like it has to think about what it's going to do before it does it. On line or off it reacts the same. Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by User1 at 2015-06-05 13:23:11 Running from C:\Users\User1\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1811926671-1166010024-57519386-500 - Administrator - Disabled) Guest (S-1-5-21-1811926671-1166010024-57519386-501 - Limited - Disabled) UpdatusUser (S-1-5-21-1811926671-1166010024-57519386-1041 - Limited - Enabled) => C:\Users\UpdatusUser User1 (S-1-5-21-1811926671-1166010024-57519386-1000 - Administrator - Enabled) => C:\Users\User1 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BurnAware Free 4.8 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware Technologies) C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - ) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Curse Client (HKU\S-1-5-21-1811926671-1166010024-57519386-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.12 - NCH Software) DisplayFusion (HKLM-x32\...\Steam App 227260) (Version: - Binary Fortress Software) DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software) EPSON Printer Software (HKLM-x32\...\EPSON Printer and Utilities) (Version: - ) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics) Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.314 - McAfee, Inc.) Media Player Codec Pack 3.9.6 (HKLM-x32\...\Media Player - Codec Pack) (Version: - Media Player Codec Pack) MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) PlutoTV version 0.0.5 (HKLM-x32\...\PlutoTV_is1) (Version: 0.0.5 - PlutoTV) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Serif MoviePlus Starter Edition (HKLM-x32\...\{2A9D6191-23DB-463E-BB1B-1642C9756B7C}) (Version: 1.0.0.008 - Serif (Europe) Ltd) Serif MoviePlus X5 (HKLM-x32\...\{93C40A12-0098-46B1-972E-E8083686A7A0}) (Version: 7.0.2.018 - Serif (Europe) Ltd) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1811926671-1166010024-57519386-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) World of Goo (HKLM-x32\...\{BD624CE2-CAD5-421C-B845-F29F4A8BA57B}) (Version: 1.2 - Brighter Minds Media) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1811926671-1166010024-57519386-1000_Classes\CLSID\{37d54f02-46b1-4064-86ed-0083621fefd5}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Restore Points ========================= 30-05-2015 22:35:20 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {077B0D1F-5DB5-42D4-B0D6-944E16788609} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {0CAA03B9-E799-4367-85C0-2A5B30B2E6EC} - System32\Tasks\{B5BACBBC-3A8A-4CF7-8675-146E4A3F39DD} => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2015-01-07] (Binary Fortress Software) Task: {38B65DEB-9F30-4421-9207-9F0E04076188} - System32\Tasks\RealCreateProcessScheduledTask5441611S-1-5-21-1811926671-1166010024-57519386-1000 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe Task: {519574CF-F9AB-4579-BE5C-8B7646C5F455} - System32\Tasks\{41392FC1-F5AC-4545-A88F-A26A2C303DA8} => C:\Program Files (x86)\Serif\MoviePlus\5.0\Program\MoviePlus.exe Task: {53115995-5317-4A1A-AD2B-F676ADDF83FB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {53E4A291-4B7B-47FF-91D5-A487F2D0363D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-20] (Microsoft Corporation) Task: {5BB1BAC1-EBCE-4014-BD11-1F03DBC9A858} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {62A2B745-BFFB-492F-84E5-197FE6A0D921} - System32\Tasks\{66EFD634-93DF-4D94-A0C1-6BC24F7E0046} => pcalua.exe -a D:\setup.exe -d D:\ Task: {67A00963-C622-46FE-A894-FFDD1CBB376E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.) Task: {6AC05CC6-C4A1-4BE6-9F22-C1398457F006} - System32\Tasks\{1B6F46F5-3106-4FEF-B82D-4ECF36E223D2} => C:\Program Files (x86)\OBS\OBS.exe [2015-03-25] () Task: {82CC3F8B-F073-414B-B785-FCE1C1606C62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-21] (Adobe Systems Incorporated) Task: {9C740AF5-F27C-478E-B340-4AB26AECE156} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Task: {CAEFEBCB-56BF-4AEF-8D54-98176FF4A1E2} - System32\Tasks\{0363DD29-873F-4A20-AE70-A7EB7CA4A7E2} => pcalua.exe -a D:\autorun.exe -d D:\ Task: {D2864E78-FFC8-49C8-9E72-04906F3E65C0} - System32\Tasks\Security Updater => C:\Users\User1\AppData\Roaming\Updater\winupd.exe <==== ATTENTION Task: {DD8D5609-0059-44D2-83E8-62BF5FAF7B91} - System32\Tasks\{23D58A0F-9778-4326-AE48-603B30EB0BCA} => C:\Program Files (x86)\Serif\MoviePlus\5.0\Program\MoviePlus.exe Task: {E0A69EF5-1821-430C-BDEC-2DDCDFCD7279} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {E1758D69-51E5-4550-8F92-6D2D98B1808B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {E56A7556-F0F9-4103-85FD-4BADF423CD4E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {E5A02A89-79FC-4A49-9163-B76CEE73D0B0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {E7DA2A44-173B-4D98-99D1-3A00E056CE12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-03] (Google Inc.) Task: {ECC7CB81-DEA2-42BF-B948-2BB71EC6154C} - System32\Tasks\{E5C4AF8A-59BF-4181-B9A7-4B0897ECCCF0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {F250825E-B81A-473B-9E2B-D08F10FEED1D} - System32\Tasks\{7A0C476E-A10B-4EC9-A893-114FA1469799} => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [2015-01-07] (Binary Fortress Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-19 16:03 - 2015-01-30 20:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-12 10:54 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2014-10-09 15:51 - 2014-10-09 15:51 - 00016384 ____N () C:\Users\User1\AppData\Local\Apps\2.0\KCWBV7HE.218\XV82A937.8W2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll 2013-09-02 11:56 - 2013-09-02 11:55 - 00035840 _____ () C:\Users\User1\AppData\Local\Apps\2.0\KCWBV7HE.218\XV82A937.8W2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll 2014-10-09 15:51 - 2014-10-09 15:51 - 00099840 ____N () C:\Users\User1\AppData\Local\Apps\2.0\KCWBV7HE.218\XV82A937.8W2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1811926671-1166010024-57519386-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Local\DisplayFusion\Wallpaper_2 DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ACDaemon => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupfolder: C:^Users^User1^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PlutoTV.lnk => C:\Windows\pss\PlutoTV.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe MSCONFIG\startupreg: BingSvc => C:\Users\User1\AppData\Local\Microsoft\BingSvc\BingSvc.exe MSCONFIG\startupreg: CmPCIaudio => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd MSCONFIG\startupreg: DisplayFusion => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\User1\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User1\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C1C8D8AF-5FA4-4E3B-8416-1EF626CA1E19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{C5CCC5ED-CD71-433D-A983-62E60EB67BB4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe FirewallRules: [{461C2F31-4255-499E-A6B4-FCC08950351A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{0A57A46A-FE94-4AF2-9DCB-79BEE47F232C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{ABA50634-F7D4-4398-9227-719970E20D0D}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe FirewallRules: [{7E8F07F9-1E48-4422-B538-062CFC87E4E0}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe FirewallRules: [{3FC18F56-ED86-4FE5-A9DF-AE2BE02B0922}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B1656104-A6AC-4F54-A74A-C4A49C5E6D25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C3A68FED-EBD1-4518-A60E-73B85571F3B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BA629523-C0A1-45C1-AD0A-CDCECC19A1A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{837279A4-8436-4768-AD53-D5F3C75F7D1B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{58CB9C61-C37A-4118-8AAF-9E88F2CB101B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe FirewallRules: [{C88B1415-3D70-4F88-8727-7C7C36459DD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{A4AC4043-4909-4E52-9832-A5466C139BD0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe FirewallRules: [{2FBFE27D-AAB4-4A90-AE45-9B74CCF04232}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{A63B6ED3-CB41-4E2C-BBF2-49836CD48761}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{76DAEA56-BE96-4A52-B325-008704D1F8E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{063750FA-B514-4C7A-8A83-65953E479E05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{4A0D5575-E37C-409B-B8A8-0FADFF4ADF63}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{EC86BF20-4B7F-4EB1-A4A0-58F6200D4690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{9A4F94EC-3551-4376-8908-5AC5920D46A4}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{E7879D82-7687-4729-806D-14C3920ECA03}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{12335807-7B8A-47A9-B084-2FF5D4BDDC80}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{779F2D6B-1D3F-4A54-84A2-92FC9332E40C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe FirewallRules: [{1651A20E-6538-41E1-B4F5-A72346B6F6FA}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{D6719047-A965-43F9-B585-2E8E232D5C75}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{EB1E8E11-CFE3-4C95-A8D8-46D45616CA6C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{0AC6BAA9-CC55-497C-813F-FF2F0BF31B61}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{2E1405FD-F951-4D14-B107-6D87A85189CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{242F74F2-B9AF-4D2A-960C-FB53ACDAD092}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{9EF2ED81-AD17-4CF1-86B9-83F95795AB6F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{4AD44C7A-16D4-4862-9EC2-B814158D6BC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{90A58860-533F-4945-A3A1-26B49B2305B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe FirewallRules: [{9B9481EF-3285-4959-A5FF-061F3F6BB8B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe FirewallRules: [{C34C8115-6741-44DA-A033-8E5219652354}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{DE7FEBE6-31A2-4EA4-A80C-0803F8FEC121}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{04A518F2-4762-4A7F-8FA5-A803520BE1E8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{56D167A6-7D72-4EF3-8D20-D5412703186D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe FirewallRules: [{F7F51AAB-D548-4F00-94CA-4DBFB1734A1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{3709BB27-1A67-4F6D-AA2C-704E7E7A456F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe FirewallRules: [{65D1F2C6-9516-4CDC-8FE6-9015EA3B353E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{6351DB2C-1120-4CE9-969D-F6099D902D65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe FirewallRules: [{0191D022-D07E-4C09-97D6-A9FA44A66766}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [{81E342D3-3A2D-4866-9212-9C20747B9221}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe FirewallRules: [{FC0B86B5-6D2C-4724-B055-7A42A0F3FF02}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{CBE1C5AD-A5CC-444F-BEE4-1BD8A3F2E310}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe FirewallRules: [{F7F38B5A-5586-4FAD-8922-1EF18CF9E483}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{0A98D337-E3FB-405F-9D8B-C31429623307}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{4FF0236F-DC95-4026-96CF-14A3F64F217F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{88C15321-936B-4DC8-A68F-2952265EBCC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{CDD7C2BE-16A5-465D-BB5A-3D29933B6E7A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe FirewallRules: [{E3E26005-85C9-4EC6-80BE-541E43B5554F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe FirewallRules: [{3195F04C-18EB-4B60-9A86-1A9E08A1A21C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{25E99548-B7EB-4318-9E10-CB26F78B5662}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe FirewallRules: [{1EE07B84-BC8B-4641-997A-6124359FDFC6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{BB0839DA-ECA4-47DC-A9CB-8E8D08FFA147}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe FirewallRules: [{B9A2E970-5313-4785-98C1-3A8B4B449660}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{269EA293-BB63-4C07-BADA-81FDD701ACBE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{5C235CE9-C364-4FCF-9EAB-E9CD206C8EAC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{170404EF-E784-46F9-8762-39E90F89749E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B7B40B6C-FE92-44F6-A4BA-3C612B2E5E5D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{413B222E-58E5-4475-997E-334A652D06E8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{295428B7-5D50-41E9-A483-0CD31A718C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DisplayFusion\DisplayFusionLauncher.exe FirewallRules: [{A91FAAAA-F5E0-4CAE-A5C7-FDF869245A7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DisplayFusion\DisplayFusionLauncher.exe FirewallRules: [{0EE2D9C5-EC14-4DEA-86BB-9ABC68A548F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{4417F3B6-30DC-4FBA-A760-C676214765AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe FirewallRules: [{CF9F708E-BEA5-4D93-B781-4539632C30AC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{D0AFB091-043C-49A7-A136-694EBBA3E684}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe FirewallRules: [{72650EE3-90CD-448D-AA71-C2662A115852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe FirewallRules: [{C2B7E496-5493-4678-B49D-A51D1C30D896}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe FirewallRules: [{3444814A-BB68-455E-BED3-93D1DA0E9D32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe FirewallRules: [{E7A56C48-82B2-4031-AC3F-BFE3190F90E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe FirewallRules: [{60D18968-FEC3-4F32-B688-9BBD642C7F6B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{FE91A974-549F-42DC-85B9-E0F4A6A9EB2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe FirewallRules: [{56FAEB78-EC2F-43D3-972F-51C10E6CD4AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{68C435AF-39D6-4BD8-AEB8-68746FA5BE31}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe FirewallRules: [{ED40F9DD-EDFE-4694-9543-C978F312FE4E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{EEEC68A9-A300-4581-A4B0-1C367855F152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe FirewallRules: [{05C84FE9-DFFC-457A-8342-F4F2498EA9CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7A1BB1F5-AE53-4AD1-B189-B7BA380F9776}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{C95BF1F0-854C-4C83-8525-CCD107E40F0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{0EC361C7-38A3-4BF9-ADDA-F7D108E0F102}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{21B140F6-6D6B-4632-801D-25EA05EFD5B1}] => (Allow) LPort=2869 FirewallRules: [{51441211-C16B-40E6-9C1F-E15F4EFEA8D8}] => (Allow) LPort=1900 FirewallRules: [{B41F84E0-3CEB-4037-B6D0-612B651BE458}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{218370AD-355E-44D4-AED3-28028C8F6B29}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{589AC941-CC76-40D6-B1C2-9646FA9D3A4D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{3E259734-6607-487A-B9A4-52B64A048232}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{5C897336-CBD4-4746-932D-25BF9C7FFBCC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{EA1836F9-466F-4B6D-A507-705C1DE75A31}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{0260C353-6DEB-45C2-9AC2-F6BF5B41513D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{2AD5B2E7-471B-45AF-A98A-5704D2C4A988}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{F695CC5E-B544-4542-B971-751046004BF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1170AB00-E13D-420C-9659-7A21C57EEDD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{59D00261-0800-4A41-885A-742C0ABBFD15}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{0E98310E-7985-48A6-A710-48B86CB6BC51}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{4F8207B8-9EA4-4C50-AA72-AAEA5A305477}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{62091503-3764-4943-873A-871A91C0816A}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsv2BE3.tmp\CnetInstaller-10073040.exe FirewallRules: [{7815E8B1-A960-4779-B20B-4FFE29836C67}] => (Allow) C:\Users\User1\AppData\Local\Temp\nsv2BE3.tmp\CnetInstaller-10073040.exe FirewallRules: [{C1B5BEC6-35F6-42A1-AB14-1A7FFE9DBB87}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/29/2015 09:22:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Wow-64.exe version 6.1.2.19865 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b3c Start Time: 01d09a5fab555c70 Termination Time: 822 Application Path: C:\Program Files (x86)\World of Warcraft\Wow-64.exe Report Id: 57c4969f-066a-11e5-9636-003018a7b979 Error: (05/28/2015 01:34:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSACore.exe, version: 4.0.0.274, time stamp: 0x554139f4 Faulting module name: saupkeep.dll_unloaded, version: 0.0.0.0, time stamp: 0x554138ac Exception code: 0xc0000005 Fault offset: 0x000007fef02ac163 Faulting process id: 0x998 Faulting application start time: 0xMcSACore.exe0 Faulting application path: McSACore.exe1 Faulting module path: McSACore.exe2 Report Id: McSACore.exe3 Error: (05/27/2015 01:42:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: McSACore.exe, version: 4.0.0.274, time stamp: 0x554139f4 Faulting module name: saupkeep.dll_unloaded, version: 0.0.0.0, time stamp: 0x554138ac Exception code: 0xc0000005 Fault offset: 0x000007fef0dbc163 Faulting process id: 0x970 Faulting application start time: 0xMcSACore.exe0 Faulting application path: McSACore.exe1 Faulting module path: McSACore.exe2 Report Id: McSACore.exe3 Error: (05/24/2015 11:10:11 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program PhotoshopElements.exe version 1.0.128.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1338 Start Time: 01d096338d0a67a4 Termination Time: 29 Application Path: C:\Program Files (x86)\Adobe\Photoshop Elements\PhotoshopElements.exe Report Id: f1c30a91-0226-11e5-bfc2-003018a7b979 Error: (05/23/2015 03:32:16 PM) (Source: MsiInstaller) (EventID: 11920) (User: User1-PC) Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services. Error: (05/23/2015 02:19:10 PM) (Source: MsiInstaller) (EventID: 11920) (User: User1-PC) Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services. Error: (05/22/2015 03:04:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 794 Start Time: 01d094bcf238706e Termination Time: 11156 Application Path: C:\Windows\Explorer.EXE Report Id: 578729e1-00b5-11e5-a163-003018a7b979 Error: (05/22/2015 01:20:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program WINWORD.EXE version 11.0.8411.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12c0 Start Time: 01d094b320df0772 Termination Time: 11 Application Path: C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE Report Id: b116a9c3-00a6-11e5-90a8-003018a7b979 Error: (05/19/2015 03:14:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: User1-PC) Description: Application or service 'RealPlayer Update Service' could not be restarted. Error: (05/19/2015 03:13:47 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (06/03/2015 03:36:12 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/02/2015 08:06:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (06/02/2015 05:26:51 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (06/01/2015 03:04:07 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 2:47:29 PM on ‎6/‎1/‎2015 was unexpected. Error: (06/01/2015 10:38:29 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/31/2015 03:23:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (05/31/2015 11:04:53 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} Error: (05/30/2015 01:19:53 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (05/29/2015 11:58:10 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (05/29/2015 02:12:48 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Microsoft Office: ========================= Error: (05/29/2015 09:22:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Wow-64.exe6.1.2.19865b3c01d09a5fab555c70822C:\Program Files (x86)\World of Warcraft\Wow-64.exe57c4969f-066a-11e5-9636-003018a7b979 Error: (05/28/2015 01:34:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSACore.exe4.0.0.274554139f4saupkeep.dll_unloaded0.0.0.0554138acc0000005000007fef02ac16399801d0995a8dd78218C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exesaupkeep.dlld0ab55ae-055f-11e5-af33-003018a7b979 Error: (05/27/2015 01:42:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSACore.exe4.0.0.274554139f4saupkeep.dll_unloaded0.0.0.0554138acc0000005000007fef0dbc16397001d098922afd5f72C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exesaupkeep.dllcc3b293f-0497-11e5-999e-003018a7b979 Error: (05/24/2015 11:10:11 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: PhotoshopElements.exe1.0.128.0133801d096338d0a67a429C:\Program Files (x86)\Adobe\Photoshop Elements\PhotoshopElements.exef1c30a91-0226-11e5-bfc2-003018a7b979 Error: (05/23/2015 03:32:16 PM) (Source: MsiInstaller) (EventID: 11920) (User: User1-PC) Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/23/2015 02:19:10 PM) (Source: MsiInstaller) (EventID: 11920) (User: User1-PC) Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device Service' (Apple Mobile Device Service) failed to start. Verify that you have sufficient privileges to start system services.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (05/22/2015 03:04:34 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.1756779401d094bcf238706e11156C:\Windows\Explorer.EXE578729e1-00b5-11e5-a163-003018a7b979 Error: (05/22/2015 01:20:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: WINWORD.EXE11.0.8411.012c001d094b320df077211C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEb116a9c3-00a6-11e5-90a8-003018a7b979 Error: (05/19/2015 03:14:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: User1-PC) Description: 0RealPlayerUpdateSvc.exeRealPlayer Update Service03026217816520 Error: (05/19/2015 03:13:47 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{9F3B20DF-76F2-47F4-9372-F0F56485A58D}\recordingmanager.exe ==================== Memory info =========================== Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ Percentage of memory in use: 49% Total physical RAM: 4095.3 MB Available physical RAM: 2052.38 MB Total Pagefile: 8188.82 MB Available Pagefile: 5749.98 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:762.84 GB) NTFS Drive f: () (Removable) (Total:29.74 GB) (Free:29.74 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B343B343) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================

I was told to start a new thread if problem re-appears After doing everything listed on this thred: https://forums.malwarebytes.org/index.php?/topic/167065-browser-closes-comp-runs-slow/ everything ran great, up until I ran Delfix (last program mentioned. Computer is back to running slow and browser closing unexpectedly. Apears worse. FRST.txt Addition.txt attached. FRST.txt Addition.txt

So far so good. Sound quality even seems to be improved (though that may just be me). If problem reapears should I start a new thread, or give it a few days keeping this thread open?

Files attached as requested. 2 Questions. Should I leave my anti viruse software turned off? and Is it ok to use movie editing software while we do these scans? zoek-results.txt Malwarebytes' Anti-Malware.txt