This topic is locked
Hi
I knew better but,
I downloaded a program that was bundled with malware. My browsers are all redirecting and have annoying pop ups. Media download,
Ilivid download and cdn.downloaddaft.com are a few of the sites that I have been redirected to.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mom (administrator) on MOM-PC on 24-03-2015 18:12:00
Running from C:\Users\Mom\Desktop
Loaded Profiles: Mom (Available profiles: Mom & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2005915866-3535303436-4220142520-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2005915866-3535303436-4220142520-1000] => http=127.0.0.1:9880
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.n...yerAX_Win32.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab
DPF: HKLM-x32 {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} https://www.compass....micWebTWAIN.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{F5AA37F8-C1BB-4651-A345-B8D6F02AE8C5}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\rdzkj16m.default-1427158167491
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-12-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [2011-10-26] (Millisecond Software)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-2005915866-3535303436-4220142520-1000: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [2011-10-26] (Millisecond Software)
FF Plugin HKU\S-1-5-21-2005915866-3535303436-4220142520-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mom\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2005915866-3535303436-4220142520-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mom\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Inquisit Web Edition) - C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll (Millisecond Software)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (The Treasures Of Mystery Island) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cakimmoclemogopdpkmnhnhlbdbhople [2014-09-07]
CHR Extension: (Do Not Track) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdcpbflcbeillmamogkpmdhnbeggfja [2014-09-07]
CHR Extension: (Google Calendar) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-07]
CHR Extension: (AdBlock) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-07]
CHR Extension: (ERPLY Accounting) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnoijkgmmjjimafnfhlcmnicnedcai [2015-02-15]
CHR Extension: (Autodesk Homestyler) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-09-07]
CHR Extension: (Free Invoice Maker) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2014-09-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Maps) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Picasa) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-09-07]
CHR Extension: (Click&Clean App) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-09-07]
CHR Extension: (Gmail) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-07]
CHR HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mom\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-19]
CHR HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Ncmanthicisinessibias; C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe [256512 2015-03-19] () [File not signed] <==== ATTENTION
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2006-10-31] (BIOSTAR Group)
U0 hepdcw; C:\Windows\System32\drivers\eequn.sys [79064 2015-03-24] (Malwarebytes Corporation)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-09-23] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-03-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-01-08] (Wondershare)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-24 18:07 - 2015-03-24 18:12 - 00000000 ____D () C:\FRST
2015-03-24 18:06 - 2015-03-24 18:06 - 02095616 _____ (Farbar) C:\Users\Mom\Desktop\FRST64.exe
2015-03-24 18:06 - 2015-03-24 18:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-24 18:06 - 2015-03-24 18:06 - 00000000 _____ () C:\Windows\setupact.log
2015-03-24 17:47 - 2015-03-24 17:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\eequn.sys
2015-03-23 20:07 - 2015-03-23 20:54 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Compete
2015-03-23 17:29 - 2015-03-24 15:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-23 17:28 - 2015-03-23 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 17:28 - 2015-03-23 17:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-23 17:28 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-23 17:28 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-23 17:28 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-23 17:07 - 2015-03-23 17:09 - 00053248 ___SH () C:\Users\Mom\Desktop\Thumbs.db
2015-03-22 17:56 - 2015-03-22 17:56 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\WebplayerRemote
2015-03-22 17:47 - 2015-03-22 17:47 - 00000000 __SHD () C:\Program Files (x86)\Ncmanthicisinessibias
2015-03-22 17:32 - 2015-03-22 17:32 - 01315328 _____ () C:\Users\Mom\AppData\Roaming\JLS.exe
2015-03-22 17:31 - 2015-03-23 16:59 - 00000000 ___HD () C:\Users\Public\Temp
2015-03-22 17:30 - 2015-03-22 17:31 - 00000000 ____D () C:\Program Files (x86)\75f58658-1636-481b-bb93-681528a7e956
2015-03-22 17:30 - 2015-03-22 17:30 - 00003278 _____ () C:\Windows\System32\Tasks\xOyz777ub8w9gWE
2015-03-22 17:30 - 2015-03-22 17:30 - 00003236 _____ () C:\Windows\System32\Tasks\vhSk5fGmqffH4XR
2015-03-22 17:30 - 2015-03-22 17:30 - 00003234 _____ () C:\Windows\System32\Tasks\QV7WrfASweRbfs0
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\PsjDFS8
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Cd23RUL
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\ProgramData\atjs
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Shafelo
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\ProgramData\NVSMpxS
2015-03-22 17:28 - 2015-03-23 20:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-22 17:28 - 2015-03-22 17:28 - 01945600 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN.exe
2015-03-22 17:28 - 2015-03-22 17:28 - 00000000 ____D () C:\Users\Mom\AppData\Local\globalUpdate
2015-03-22 17:28 - 2015-03-12 02:40 - 04687360 _____ () C:\Windows\rcore.exe
2015-03-22 17:27 - 2015-03-22 17:27 - 00000000 ____D () C:\ProgramData\10a33e9e6bdb4696920e1858a4196f36
2015-03-22 14:43 - 2015-03-22 14:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-22 14:31 - 2015-03-22 14:38 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Foxit Software
2015-03-22 14:31 - 2015-03-22 14:31 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-03-22 14:31 - 2015-03-22 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-03-22 14:31 - 2015-03-22 14:31 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-03-22 14:27 - 2015-03-22 14:28 - 38624744 _____ (Foxit Software Inc. ) C:\Users\Mom\Downloads\FoxitReader710.0306_prom_enu_Setup.exe
2015-03-20 17:56 - 2015-03-20 17:57 - 03894696 _____ (solvusoft Corporation ) C:\Users\Mom\Desktop\Tsusbhub.sys_Error_Repair_Tool-WinThruster.exe
2015-03-20 17:46 - 2015-03-20 17:46 - 02135814 _____ () C:\Windows\system32\config\wfpstate.xml
2015-03-20 17:46 - 2015-03-20 17:46 - 01609647 _____ () C:\Windows\system32\config\wfpfilters.xml
2015-03-20 17:46 - 2015-03-20 17:46 - 00358797 _____ () C:\Windows\system32\config\netevents.xml
2015-03-20 17:46 - 2015-03-20 17:46 - 00069632 _____ () C:\Windows\system32\config\WindowsFirewallLogVerbose.evtx
2015-03-20 17:46 - 2015-03-20 17:46 - 00069632 _____ () C:\Windows\system32\config\WindowsFirewallConsecLogVerbose.evtx
2015-03-20 17:46 - 2015-03-20 17:46 - 00042461 _____ () C:\Windows\system32\config\Dns.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00037434 _____ () C:\Windows\system32\config\WcnInfo.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00002573 _____ () C:\Windows\system32\config\FileSharing.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00002303 _____ () C:\Windows\system32\config\gpresult.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00002148 _____ () C:\Windows\system32\config\Neighbors.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00000484 _____ () C:\Windows\system32\config\sysports.xml
2015-03-20 17:46 - 2015-03-20 17:46 - 00000237 _____ () C:\Windows\system32\config\netiostate.txt
2015-03-20 17:46 - 2015-03-20 17:46 - 00000062 _____ () C:\Windows\system32\config\wfplog.log
2015-03-20 17:45 - 2015-03-20 17:46 - 00000000 ____D () C:\Windows\system32\config\LocaleMetaData
2015-03-20 17:45 - 2015-03-20 17:45 - 01118208 _____ () C:\Windows\system32\config\WindowsFirewallLog.evtx
2015-03-20 17:45 - 2015-03-20 17:45 - 00431374 _____ () C:\Windows\system32\config\WindowsFirewallConfig.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00069632 _____ () C:\Windows\system32\config\WLANAutoConfigLog.evtx
2015-03-20 17:45 - 2015-03-20 17:45 - 00069632 _____ () C:\Windows\system32\config\WindowsFirewallConsecLog.evtx
2015-03-20 17:45 - 2015-03-20 17:45 - 00048646 _____ () C:\Windows\system32\config\WindowsFirewallEffectiveRules.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00015700 _____ () C:\Windows\system32\config\envinfo.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00014361 _____ () C:\Windows\system32\config\osinfo.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00004526 _____ () C:\Windows\system32\tempfile.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00000883 _____ () C:\Windows\system32\config\adapterinfo.txt
2015-03-20 17:45 - 2015-03-20 17:45 - 00000000 ____D () C:\Windows\system32\Reg
2015-03-19 19:33 - 2015-03-08 10:22 - 00670880 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mom\Desktop\autoruns.exe
2015-03-19 15:56 - 2015-03-19 15:56 - 00008126 _____ () C:\Users\Mom\Desktop\cc_20150319_155607.reg
2015-03-19 15:49 - 2015-03-19 15:49 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\VSRevoGroup
2015-03-19 12:09 - 2015-03-22 18:00 - 00000000 ____D () C:\Users\Mom\Desktop\brusch
2015-03-11 19:52 - 2015-03-11 19:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-11 19:52 - 2015-03-11 19:52 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-11 19:52 - 2015-03-11 19:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-11 19:37 - 2015-03-11 19:52 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-10 19:38 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 19:38 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 19:38 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 19:38 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 19:38 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 19:38 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 19:38 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 19:38 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 19:38 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 19:38 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 19:38 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 19:38 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 19:38 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 19:38 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 19:38 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 19:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 19:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 19:38 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 19:38 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 19:38 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 19:38 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 19:38 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 19:38 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 19:38 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 19:38 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 19:38 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 19:38 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 19:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 19:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 19:38 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 19:38 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 19:38 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 19:38 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 19:38 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 19:38 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 19:38 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 19:38 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 19:38 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 19:37 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 19:37 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 19:37 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 19:37 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 19:37 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 19:37 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 19:37 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 19:37 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 19:37 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 19:37 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 19:37 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 19:37 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 19:37 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 19:37 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 19:37 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 19:37 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 19:37 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:37 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 19:37 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 19:37 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 19:37 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 19:37 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 19:37 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 19:36 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 19:36 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 19:36 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 19:36 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:36 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 19:36 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 19:36 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 19:36 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 19:36 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:36 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 19:36 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:36 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 19:36 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 19:36 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:36 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 19:36 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:36 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 19:36 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:36 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 19:36 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 19:36 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:36 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 19:36 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 19:36 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:36 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 19:36 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 19:36 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:36 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 19:36 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 19:36 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 19:36 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 19:36 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 19:36 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 19:36 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:36 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 19:36 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 19:36 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 19:36 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 19:36 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 19:36 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 19:36 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:36 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 19:36 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 19:36 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:36 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:36 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 19:36 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 19:36 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 19:36 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:36 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 19:36 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 19:36 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 19:36 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:36 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 19:36 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 19:36 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 19:36 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 19:36 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 19:36 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 19:36 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 19:36 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 19:35 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 19:35 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN
2015-03-05 19:39 - 2015-03-19 15:57 - 00000000 ____D () C:\Users\Mom\Desktop\Stuff
2015-03-05 19:30 - 2015-03-05 19:30 - 00001117 _____ () C:\Users\Mom\Desktop\Dropbox.lnk
2015-03-05 19:28 - 2015-03-05 19:28 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-05 19:26 - 2015-03-05 19:27 - 00355632 _____ (Dropbox, Inc.) C:\Users\Mom\Downloads\DropboxInstaller.exe
2015-03-04 08:54 - 2015-03-04 08:54 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2015-03-04 08:54 - 2015-03-04 08:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2015-03-04 08:53 - 2015-03-04 08:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2015-03-04 08:53 - 2015-03-04 08:53 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2015-02-28 18:47 - 2015-02-28 17:38 - 1423871935 _____ () C:\Users\Mom\Documents\ADancewithDragonsASongofIceandFireBook5_ep6_A132NK9ZH3BI6N.aax
2015-02-28 15:04 - 2015-02-28 15:04 - 01730272 _____ (Audible Inc.) C:\Users\Mom\Downloads\ActiveSetupN(1).exe
2015-02-28 14:52 - 2015-02-28 14:52 - 00000000 ____D () C:\Users\Public\Documents\Audible
2015-02-28 14:52 - 2015-02-28 14:52 - 00000000 ____D () C:\Users\Mom\Documents\Audible
2015-02-28 14:52 - 2015-02-28 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-02-28 14:52 - 2015-02-28 14:52 - 00000000 ____D () C:\ProgramData\Documents\Audible
2015-02-28 14:52 - 2015-02-28 14:52 - 00000000 ____D () C:\Program Files (x86)\Audible
2015-02-28 14:51 - 2015-02-28 14:51 - 01672880 _____ (Audible, Inc.) C:\Users\Mom\Downloads\AudibleDM_iTunesSetup.exe
2015-02-28 14:48 - 2015-02-28 14:48 - 01730272 _____ (Audible Inc.) C:\Users\Mom\Downloads\ActiveSetupN.exe
2015-02-26 19:25 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 19:25 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-24 18:11 - 2009-07-14 00:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 18:11 - 2009-07-14 00:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 16:56 - 2010-12-03 08:56 - 01182771 ____N () C:\Windows\WindowsUpdate.log
2015-03-24 15:39 - 2010-12-05 19:55 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\foobar2000
2015-03-24 11:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 20:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2015-03-23 20:37 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-23 18:10 - 2009-07-14 01:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 16:55 - 2013-04-10 13:57 - 00000000 ___RD () C:\Users\Mom\Dropbox
2015-03-23 16:54 - 2012-10-19 20:46 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Dropbox
2015-03-22 18:09 - 2009-07-14 01:13 - 00800010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 18:02 - 2015-01-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-22 17:26 - 2011-06-17 17:24 - 00000000 ____D () C:\Users\Mom\AppData\Local\Deployment
2015-03-22 14:27 - 2010-12-03 17:14 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2015-03-22 14:26 - 2010-12-02 17:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-20 16:48 - 2015-01-18 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 16:48 - 2014-07-14 14:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 16:48 - 2014-07-14 14:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 19:52 - 2015-01-18 20:58 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-19 19:52 - 2014-07-14 14:10 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-19 19:52 - 2014-07-14 14:10 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-19 17:54 - 2012-11-24 19:19 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Spotify
2015-03-19 17:05 - 2013-10-19 23:09 - 00000000 ____D () C:\Users\Mom\AppData\Local\Spotify
2015-03-19 15:43 - 2015-02-17 18:14 - 00000000 ____D () C:\Windows\Minidump
2015-03-18 18:01 - 2014-12-15 17:13 - 00000000 ____D () C:\Users\Mom\Desktop\Justin
2015-03-18 13:57 - 2015-01-18 20:58 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 13:57 - 2015-01-18 20:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 13:40 - 2012-11-06 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 15:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 13:59 - 2013-05-06 20:23 - 00001710 _____ () C:\Users\Mom\Documents\password.txt
2015-03-12 13:44 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 13:44 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-12 13:41 - 2013-01-12 12:50 - 00554592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system
2015-03-11 19:44 - 2015-02-14 14:15 - 00175933 _____ () C:\Windows\system\tubelist.dat
2015-03-11 19:43 - 2014-12-02 13:05 - 00162854 _____ () C:\Windows\system\latest.dat
2015-03-11 19:43 - 2014-12-02 13:05 - 00000122 _____ () C:\Windows\system\update.dat
2015-03-11 19:35 - 2013-04-10 22:30 - 00000476 _____ () C:\Windows\wininit.ini
2015-03-11 19:35 - 2013-04-07 19:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-10 19:46 - 2012-06-01 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:46 - 2009-07-13 22:34 - 00000647 _____ () C:\Windows\win.ini
2015-03-10 19:44 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 19:40 - 2010-12-04 10:21 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-05 19:51 - 2012-11-06 16:46 - 00000000 ___RD () C:\Users\Mom\Google Drive
2015-03-03 09:17 - 2010-12-02 17:58 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 16:54 - 2012-03-31 15:23 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Canon
2015-03-02 11:22 - 2013-11-16 17:38 - 00000000 ___RD () C:\Users\Mom\Documents\Tax, Fax, letters and landlord
2015-02-28 15:10 - 2011-10-29 13:18 - 00000000 ____D () C:\Windows\pss
==================== Files in the root of some directories =======
2013-04-12 10:57 - 2013-04-12 10:57 - 0000000 _____ () C:\Users\Mom\AppData\Roaming\bibstats
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Mom\AppData\Roaming\JLS
2015-03-22 17:32 - 2015-03-22 17:32 - 1315328 _____ () C:\Users\Mom\AppData\Roaming\JLS.exe
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN
2015-03-22 17:28 - 2015-03-22 17:28 - 1945600 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN.exe
2014-01-10 20:40 - 2014-01-28 17:40 - 0000137 _____ () C:\Users\Mom\AppData\Roaming\WB.CFG
2014-01-10 20:40 - 2014-01-28 17:40 - 0000005 _____ () C:\Users\Mom\AppData\Roaming\WBPU-TTL.DAT
2011-01-05 20:31 - 2014-02-12 20:02 - 0028802 _____ () C:\Users\Mom\AppData\Roaming\wklnhst.dat
2013-03-31 17:59 - 2013-04-28 17:33 - 0009216 _____ () C:\Users\Mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-25 14:33 - 2012-12-25 14:33 - 0000091 _____ () C:\Users\Mom\AppData\Local\fusioncache.dat
2013-04-18 15:14 - 2013-04-18 15:14 - 0008526 _____ () C:\Users\Mom\AppData\Local\recently-used.xbel
2012-06-24 16:09 - 2013-01-06 14:27 - 0007603 _____ () C:\Users\Mom\AppData\Local\Resmon.ResmonCfg
2012-10-11 12:29 - 2012-10-11 12:35 - 0012770 _____ () C:\Users\Mom\AppData\Local\slot1.mm1
Files to move or delete:
====================
C:\Users\Mom\jobq.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mom at 2015-03-24 18:08:57
Running from C:\Users\Mom\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) (Version: 55 - Kloonigames, Ltd)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
FamilySearch Indexing 3.15.1 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.15.1 - FamilySearch)
foobar2000 v1.1.1 (HKLM-x32\...\foobar2000) (Version: 1.1.1 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.0.306 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Home Sweet Home (HKLM-x32\...\BFG-Home Sweet Home) (Version: - )
Home Sweet Home 2: Kitchens and Baths (HKLM-x32\...\BFG-Home Sweet Home 2 - Kitchens and Baths) (Version: - )
Home Sweet Home: Christmas Edition (HKLM-x32\...\BFG-Home Sweet Home - Christmas Edition) (Version: - )
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Digital Image Standard 2006 Update (HKLM-x32\...\PictureItPrem_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MP3 To WAV Decoder version 1.0 r2 (HKLM-x32\...\{05B3E767-B182-4279-A35A-A56810C77CFD}_is1) (Version: 1.0 r2 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\...\MusicManager) (Version: - Google, Inc.)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5928 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smilebox (HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\...\Smilebox) (Version: 1.0.0.28051 - Smilebox, Inc.)
Spotify (HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead Photo Express My Scrapbook 2.0 (HKLM-x32\...\{CF404C21-47EB-4FA5-B920-91746874ED43}) (Version: - )
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\...\UserTestingPlugin) (Version: - UserTesting.com)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2005915866-3535303436-4220142520-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
11-03-2015 19:34:21 Revo Uninstaller's restore point - Spybot - Search & Destroy
11-03-2015 19:36:14 Revo Uninstaller's restore point - ESET Online Scanner v3
11-03-2015 19:45:37 Revo Uninstaller's restore point - Adobe Reader XI (11.0.08)
11-03-2015 20:17:49 Windows Update
17-03-2015 13:35:06 Windows Update
19-03-2015 15:44:36 Revo Uninstaller's restore point - Adobe Reader XI (11.0.08)
20-03-2015 16:50:43 Windows Update
22-03-2015 17:34:57 Revo Uninstaller's restore point - Consumer Input
22-03-2015 17:36:29 Revo Uninstaller's restore point - Consumer Input (remove only)
22-03-2015 17:40:22 Revo Uninstaller's restore point - Foxit Cloud
22-03-2015 17:41:31 Revo Uninstaller's restore point - GamesDesktop 025.340
22-03-2015 17:42:37 Revo Uninstaller's restore point - GamesDesktop 025.340
22-03-2015 17:44:13 Revo Uninstaller's restore point - MediaPv2.6
22-03-2015 17:44:55 Revo Uninstaller's restore point - Local Temperature
22-03-2015 17:46:44 Revo Uninstaller's restore point - Movie Wizard
22-03-2015 17:47:28 Revo Uninstaller's restore point - OBRONA Cleaner
22-03-2015 17:48:47 Revo Uninstaller's restore point - Microsoft XNA Framework Redistributable 3.1
22-03-2015 17:50:20 Revo Uninstaller's restore point - Microsoft XNA Framework Redistributable 3.1
22-03-2015 17:50:59 Revo Uninstaller's restore point - SmartPurple
22-03-2015 17:53:08 Revo Uninstaller's restore point - PepperZip 2.0
22-03-2015 17:54:02 Revo Uninstaller's restore point - TheBestDeals
22-03-2015 17:54:57 Revo Uninstaller's restore point - StormWatch
22-03-2015 17:57:59 Supprimé Webplayer Remote
23-03-2015 17:03:54 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-09-26 11:19 - 2014-09-04 19:10 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {08AEE9B9-7DAE-427D-8853-93288ED79AF6} - System32\Tasks\xOyz777ub8w9gWE => C:\Users\Mom\AppData\Roaming\PsjDFS8\tPXFXtg.exe [2015-03-22] ()
Task: {137C7262-0DF3-4489-9F0E-FC84A6C0857E} - \CIMT_S-1-5-21-2005915866-3535303436-4220142520-1000 No Task File <==== ATTENTION
Task: {28BEF8B8-3CBD-47CE-A17D-538434CDFC89} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-5 No Task File <==== ATTENTION
Task: {297CC9FC-A122-46D2-B3E0-D2FDEF3A4DCA} - System32\Tasks\vhSk5fGmqffH4XR => C:\Users\Mom\AppData\Roaming\Cd23RUL\4mdbvfy.exe [2015-03-22] ( )
Task: {2CD2E74C-8DE7-4AA4-9B2A-8515C9B33570} - \Startup Time Check No Task File <==== ATTENTION
Task: {34A9A280-F251-4877-B32A-D7967E245BEE} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-7 No Task File <==== ATTENTION
Task: {350C4730-87B0-44E5-8FF2-D180098D64DB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {36ED84F4-18D5-4156-9974-196CE15BF211} - \CIMT_daily_S-1-5-21-2005915866-3535303436-4220142520-1000 No Task File <==== ATTENTION
Task: {4BE93E40-334C-4A04-A40F-0252AF58B0A2} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-10_user No Task File <==== ATTENTION
Task: {6E0DC5F9-984F-483F-949D-AF6C41C961EA} - System32\Tasks\{75C18BE2-499E-466E-BFCD-75CEC0390CC0} => pcalua.exe -a "C:\Users\vin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7D3XJTX\PlayerSetup[1].exe" -d C:\Users\vin\Desktop
Task: {8B0DA266-5086-4271-8FCE-1CE626019856} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-6 No Task File <==== ATTENTION
Task: {9FB5E7F8-28A6-43F1-8BC4-23B57C269DD6} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {A5678122-6EE9-4E63-9EC6-FFF16CEEE6ED} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-5_user No Task File <==== ATTENTION
Task: {AD33A4A5-E5D0-42E9-AD59-C4FB2C16D533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04] (Google Inc.)
Task: {AF497096-509C-46F5-81B6-1FC836B7583C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04] (Google Inc.)
Task: {B2BF22C8-D6DD-47CC-A046-7CEB168E98EB} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-4 No Task File <==== ATTENTION
Task: {BACBC0CE-317F-46F7-80B3-4E11186E49BB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BE3E001F-C45A-43A9-99ED-F54A26D29D43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BEE727AA-AF36-4766-A6E7-75640C848D11} - \ObronaCleanerUacSkip No Task File <==== ATTENTION
Task: {D764DC59-8EA6-4521-959E-F6426A047AA6} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-1-7 No Task File <==== ATTENTION
Task: {DA15D996-A98A-4949-9C31-8F425EFBB798} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-18] (Adobe Systems Incorporated)
Task: {DBA01E38-CA1B-4131-B0B9-69D6320BB468} - System32\Tasks\QV7WrfASweRbfs0 => C:\Users\Mom\AppData\Roaming\Shafelo\5BqPNyx.exe [2015-03-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-22 17:47 - 2015-03-19 13:01 - 00256512 ___SH () C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-14 20:40 - 2015-02-14 20:40 - 00381440 _____ () C:\Windows\mod_frst.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:27790C06
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Classes\.exe: => <===== ATTENTION!
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^T.O.V.A. 8 (automatic startup).lnk => C:\Windows\pss\T.O.V.A. 8 (automatic startup).lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\1e782172-f6bf-484c-b313-e7a7a52baeaa.exe /check
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: C77B34DEB73DE0849E4BE289D36231EA4CA83D43._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MFNetworkScanUtility => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmileboxTray => "C:\Users\Mom\AppData\Roaming\Smilebox\SmileboxTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Mom\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2005915866-3535303436-4220142520-500 - Administrator - Disabled)
Guest (S-1-5-21-2005915866-3535303436-4220142520-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2005915866-3535303436-4220142520-1004 - Limited - Enabled)
Mom (S-1-5-21-2005915866-3535303436-4220142520-1000 - Administrator - Enabled) => C:\Users\Mom
==================== Faulty Device Manager Devices =============
Name: Xbox 360
Description: Xbox 360
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/23/2015 08:34:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={204D2DD0-70BC-4343-9330-B294D96463A0}: The user Mom-PC\Mom dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (03/23/2015 06:10:06 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (03/22/2015 05:34:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gentlemjmp_ieeuu.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 17fc
Start Time: 01d064e7d83e4170
Termination Time: 0
Application Path: C:\Users\Mom\AppData\Local\Temp\is-FBDQ9.tmp\gentlemjmp_ieeuu.tmp
Report Id:
Error: (03/22/2015 05:34:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program majmp_gentleeeuu.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a40
Start Time: 01d064e7d2cdbd10
Termination Time: 0
Application Path: C:\Users\Mom\AppData\Local\Temp\is-8BS6R.tmp\majmp_gentleeeuu.tmp
Report Id:
Error: (03/22/2015 05:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: pcasvc.dll, version: 6.1.7601.18741, time stamp: 0x54d04099
Exception code: 0xc0000005
Fault offset: 0x0000000000007a41
Faulting process id: 0x144
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Error: (03/22/2015 05:30:41 PM) (Source: MsiInstaller) (EventID: 11309) (User: Mom-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (03/22/2015 05:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ObronaCleaner.exe, version: 1.0.0.0, time stamp: 0x54ede102
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74001024
Faulting process id: 0x14a8
Faulting application start time: 0xObronaCleaner.exe0
Faulting application path: ObronaCleaner.exe1
Faulting module path: ObronaCleaner.exe2
Report Id: ObronaCleaner.exe3
Error: (03/22/2015 05:30:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: Mom-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.
Error: (03/22/2015 02:26:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: Mom-PC)
Description: Product: Adobe Reader XI (11.0.10) - Update 'Adobe Reader XI (11.0.10)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (03/22/2015 02:26:15 PM) (Source: MsiInstaller) (EventID: 11402) (User: Mom-PC)
Description: Product: Adobe Reader XI (11.0.10) -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE32\Software\MozillaPlugins\Adobe Reader. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.
System errors:
=============
Error: (03/24/2015 05:48:41 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
Feature: %%886
Error Code: 0x80070005
Error description: Access is denied.
Reason: %%858
Error: (03/24/2015 05:48:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
Error: (03/24/2015 03:38:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
Error: (03/24/2015 11:30:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5
Error: (03/24/2015 11:30:48 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
Error: (03/23/2015 08:15:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (03/23/2015 08:15:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (03/23/2015 08:12:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (03/23/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Error: (03/23/2015 08:08:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10106
Microsoft Office Sessions:
=========================
Error: (03/23/2015 08:34:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {204D2DD0-70BC-4343-9330-B294D96463A0}Mom-PC\MomBroadband Connection651
Error: (03/23/2015 06:10:06 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (03/22/2015 05:34:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gentlemjmp_ieeuu.tmp51.52.0.017fc01d064e7d83e41700C:\Users\Mom\AppData\Local\Temp\is-FBDQ9.tmp\gentlemjmp_ieeuu.tmp
Error: (03/22/2015 05:34:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: majmp_gentleeeuu.tmp51.52.0.01a4001d064e7d2cdbd100C:\Users\Mom\AppData\Local\Temp\is-8BS6R.tmp\majmp_gentleeeuu.tmp
Error: (03/22/2015 05:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_PcaSvc6.1.7600.163854a5bc3c1pcasvc.dll6.1.7601.1874154d04099c00000050000000000007a4114401d064cc359afc80C:\Windows\System32\svchost.exec:\windows\system32\pcasvc.dll1bff8f90-d0db-11e4-982e-003067529c86
Error: (03/22/2015 05:30:41 PM) (Source: MsiInstaller) (EventID: 11309) (User: Mom-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (03/22/2015 05:30:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ObronaCleaner.exe1.0.0.054ede102unknown0.0.0.000000000c00000057400102414a801d064e72b4dd340C:\Users\Mom\AppData\Local\Obrona Cleaner\ObronaCleaner.exeunknowna8e29110-d0da-11e4-982e-003067529c86
Error: (03/22/2015 05:30:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: Mom-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (03/22/2015 02:26:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: Mom-PC)
Description: Adobe Reader XI (11.0.10)Adobe Reader XI (11.0.10)1603(NULL)(NULL)(NULL)
Error: (03/22/2015 02:26:15 PM) (Source: MsiInstaller) (EventID: 11402) (User: Mom-PC)
Description: Product: Adobe Reader XI (11.0.10) -- Error 1402.Could not open key: HKEY_LOCAL_MACHINE32\Software\MozillaPlugins\Adobe Reader. System error 5. Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)
CodeIntegrity Errors:
===================================
Date: 2013-05-04 13:49:49.966
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Lisa_wysong.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-05-04 13:49:49.701
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Lisa_wysong.exe\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-02-09 20:00:05.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-02-09 20:00:04.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon™ II X3 445 Processor
Percentage of memory in use: 29%
Total physical RAM: 6143.37 MB
Available physical RAM: 4341.77 MB
Total Pagefile: 12284.92 MB
Available Pagefile: 10698.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.73 GB) (Free:79.95 GB) NTFS
Drive z: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: E686F016)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Sign In
Create Account
