
chrome 32*



#1
freeatlast


Hi - thanks for reading my post.

 

My Google Chrome started acting funny recently (last few weeks). I ran Malwarebytes and it did quarantine a number of 'trojan' files, but the problem persists. After researching, I came across the issue of multiple chrome 32* processes (high CPU usage) running even after Chrome is shut down, and I discovered that was happening on my machine. Reinstalling didn't solve the problem.

 

Also - I had some adware my kids accidentally installed on my computer over a month ago that I thought I had removed, but Malwarebytes keeps finding them and saying they are quarantined, but they keep showing up in the 'files detected'. Those file names are temp 2F88 and temp 696A.

 

I have attached the logs below. Anything you could do to help would be very, very much appreciated.

 

THANK YOU

 

===========
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by fabfour (administrator) on MGVCWLT098992 on 01-04-2015 23:14:43
Running from C:\Users\fabfour\Desktop
Loaded Profiles: fabfour (Available profiles: Teresa Smith & fabfour)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(DameWare Development LLC) C:\Windows\dwrcs\DWRCS.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxddcoms.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Specops Software) C:\Windows\System32\SppClient.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
(Lexmark) C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(DameWare Development) C:\Windows\dwrcs\DWRCST.EXE
(Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Specops Password Client] => C:\Windows\system32\SppClient.exe [896088 2011-06-17] (Specops Software)
HKLM\...\Run: [lxddmon.exe] => C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-02-12] ()
HKLM\...\Run: [lxddamon] => C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-02-05] (Lexmark)
HKLM\...\Run: [LXDDCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDDtime.dll,RunDLLEntry
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [295808 2011-02-25] (DameWare Development)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2853424 2014-03-18] (Trend Micro Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240 2007-02-12] ()
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {75e74f47-123b-11e2-a258-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {b3a55b87-94bb-11e3-b338-e006e6badf2c} - D:\iLinker.exe
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {e626bbf3-2423-11e3-9930-e006e6badf2c} - F:\setup.exe -a
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\fabfour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENP&bmod=LENP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> DefaultScope {978D1B70-5A61-4740-9CF5-57C8DB7EB841} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {170EC34F-489A-4E92-A140-D9EF35576EDE} URL = http://search.yahoo....petb&type=10881
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...NP_enUS522US525
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {978D1B70-5A61-4740-9CF5-57C8DB7EB841} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-11-19] (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-09-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-11-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-04-25] ()
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3170475204-2998451479-513436353-1003: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3170475204-2998451479-513436353-1003: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
 
Chrome: 
=======
CHR Profile: C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (YouTube) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [317312 2012-10-01] (Symantec Corporation)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2108800 2012-10-01] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408448 2012-10-01] (Symantec Corporation)
R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [693632 2011-02-25] (DameWare Development LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-03-25] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1793424 2014-06-23] (Trend Micro Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-09] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [51760 2014-11-11] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-10-23] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [1998080 2014-07-24] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [927768 2013-10-14] (Trend Micro Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-12] (DameWare)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [85376 2013-08-29] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-02] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65336 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]
U3 tmpfw; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-01 23:11 - 2015-04-01 23:12 - 00043568 _____ () C:\Users\fabfour\Desktop\Addition.txt
2015-04-01 23:02 - 2015-04-01 23:03 - 00043570 _____ () C:\Users\fabfour\Downloads\Addition.txt
2015-04-01 23:01 - 2015-04-01 23:14 - 00032501 _____ () C:\Users\fabfour\Desktop\FRST.txt
2015-04-01 23:01 - 2015-04-01 23:14 - 00000000 ____D () C:\FRST
2015-04-01 23:01 - 2015-04-01 23:01 - 02095616 _____ (Farbar) C:\Users\fabfour\Desktop\FRST64.exe
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\fabfour\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\fabfour\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\fabfour\HELP_DECRYPT.URL
2015-04-01 19:35 - 2015-04-01 21:01 - 00008572 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.HTML
2015-04-01 19:35 - 2015-04-01 21:01 - 00004226 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.TXT
2015-04-01 19:35 - 2015-04-01 21:01 - 00000276 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.URL
2015-04-01 19:28 - 2015-04-01 19:28 - 00008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-01 19:28 - 2015-04-01 19:28 - 00004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-01 19:28 - 2015-04-01 19:28 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-31 23:34 - 2015-03-31 23:34 - 00057328 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (3).xls
2015-03-31 23:33 - 2015-03-31 23:33 - 00057328 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (2).xls
2015-03-31 20:33 - 2015-03-31 20:33 - 00053792 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (1).xls
2015-03-31 10:51 - 2015-04-01 19:25 - 00000708 _____ () C:\Users\fabfour\AppData\Roaming\template.css
2015-03-31 10:51 - 2015-03-31 18:01 - 00000108 _____ () C:\Users\fabfour\AppData\Roaming\template.log
2015-03-31 10:51 - 2015-03-31 10:51 - 00226824 _____ () C:\Users\fabfour\AppData\Roaming\f601cd04c233e6d.xml
2015-03-31 10:51 - 2015-03-31 10:51 - 00092168 _____ () C:\Users\fabfour\AppData\Roaming\1e207c0b6b8f382.xml
2015-03-31 00:58 - 2015-03-31 00:58 - 00002848 _____ () C:\Users\fabfour\Downloads\UnbilledVoice.xls
2015-03-31 00:09 - 2015-03-31 00:09 - 00050384 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging.xls
2015-03-30 21:41 - 2015-03-30 21:41 - 00009872 _____ () C:\Users\fabfour\Downloads\ASAP Invoice.zip
2015-03-30 21:07 - 2015-03-30 21:10 - 00000000 ____D () C:\Users\fabfour\AppData\Local\bovobi
2015-03-28 23:53 - 2015-03-28 23:53 - 00195360 _____ () C:\Users\fabfour\Downloads\Child-Support-Guidelines-2014.xls
2015-03-28 01:30 - 2015-03-28 10:44 - 00033344 _____ () C:\Users\fabfour\Downloads\download (12).CSV
2015-03-28 01:22 - 2015-03-28 01:22 - 00085440 _____ () C:\Users\fabfour\Downloads\download (11).CSV
2015-03-28 01:21 - 2015-03-28 01:21 - 00047872 _____ () C:\Users\fabfour\Downloads\download (10).CSV
2015-03-28 01:19 - 2015-04-01 19:35 - 00000000 ____D () C:\Users\fabfour\Documents\work info
2015-03-13 03:04 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 03:04 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 03:04 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 03:04 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 03:03 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 03:03 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 03:03 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 03:03 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 03:03 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 03:03 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 03:03 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 03:03 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 03:03 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 03:03 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 03:03 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 03:03 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 03:03 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 03:03 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 03:03 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 03:03 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 03:03 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 03:03 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 03:03 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 03:03 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 03:03 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 03:03 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 03:03 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-13 03:03 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 03:03 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 03:01 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 03:01 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 03:01 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 03:01 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 03:01 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 03:01 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 03:01 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 03:01 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 03:01 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 03:01 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 03:01 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 03:01 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 03:01 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 03:01 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 03:01 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 03:01 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 03:01 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 03:01 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 03:00 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 03:00 - 2015-02-21 15:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 03:00 - 2015-02-21 15:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 03:00 - 2015-02-21 15:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 03:00 - 2015-02-21 15:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 03:00 - 2015-02-21 14:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 03:00 - 2015-02-21 14:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 03:00 - 2015-02-21 14:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 03:00 - 2015-02-21 14:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-13 03:00 - 2015-02-21 14:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 03:00 - 2015-02-21 14:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-13 03:00 - 2015-02-21 14:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 03:00 - 2015-02-21 14:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 03:00 - 2015-02-21 14:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 03:00 - 2015-02-21 14:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-13 03:00 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 03:00 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 03:00 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 03:00 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 03:00 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 03:00 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 03:00 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 03:00 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-13 03:00 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 03:00 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 03:00 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-13 03:00 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 03:00 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 03:00 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 03:00 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 03:00 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 03:00 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 03:00 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 03:00 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 23:28 - 2015-03-11 23:28 - 00089024 _____ () C:\Users\fabfour\Downloads\Hoshin_Policy_Deployment_Templates.xlsx
2015-03-07 13:05 - 2015-03-07 13:06 - 152428336 _____ (Apple Inc.) C:\Users\fabfour\Downloads\itunes6464setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-01 23:06 - 2009-07-14 00:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 23:06 - 2009-07-14 00:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:54 - 2013-04-01 00:11 - 00160332 _____ () C:\Windows\setupact.log
2015-04-01 22:50 - 2009-07-14 01:13 - 00988884 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 22:44 - 2013-09-19 23:46 - 00000000 ____D () C:\Program Files\Lx_cats
2015-04-01 22:44 - 2013-04-03 12:36 - 00103142 _____ () C:\Windows\PFRO.log
2015-04-01 22:44 - 2012-10-09 14:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 22:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:43 - 2012-10-09 14:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 22:09 - 2014-06-12 16:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 21:29 - 2014-03-29 16:13 - 00004391 _____ () C:\Windows\TMFilter.log
2015-04-01 21:12 - 2013-09-06 03:20 - 00000000 ____D () C:\Users\fabfour
2015-04-01 21:12 - 2013-05-09 22:44 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Research In Motion
2015-04-01 21:12 - 2013-05-09 22:44 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Research In Motion
2015-04-01 21:12 - 2013-04-01 12:54 - 00000000 ____D () C:\Users\Teresa.Smith\Corel
2015-04-01 21:12 - 2013-04-01 12:54 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Corel
2015-04-01 21:12 - 2013-02-27 22:56 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Roblox
2015-04-01 21:12 - 2013-02-26 19:04 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Skype
2015-04-01 21:12 - 2013-02-26 18:59 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Apple Computer
2015-04-01 21:12 - 2013-02-26 18:59 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Apple Computer
2015-04-01 21:12 - 2013-02-26 18:52 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Google
2015-04-01 21:12 - 2013-02-26 18:42 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\FileOpen
2015-04-01 21:12 - 2013-02-26 18:07 - 00000000 ___SD () C:\Users\Teresa.Smith\Documents\My Data Sources
2015-04-01 21:12 - 2013-02-26 18:06 - 00000000 ____D () C:\Users\Teresa.Smith\Documents\eFax Messenger 4.4
2015-04-01 21:12 - 2013-02-26 18:02 - 00000000 ____D () C:\Users\mic\AppData\Roaming\FileOpen
2015-04-01 21:12 - 2013-02-26 17:39 - 00000000 ____D () C:\Users\mic\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-26 17:29 - 00000000 ____D () C:\Users\mic
2015-04-01 21:12 - 2013-02-22 14:18 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-22 14:18 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Adobe
2015-04-01 21:12 - 2013-02-22 14:11 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Nitro PDF
2015-04-01 21:12 - 2013-02-22 14:08 - 00000000 ____D () C:\Users\Teresa.Smith
2015-04-01 21:12 - 2013-02-07 12:38 - 00000000 ____D () C:\Users\Teresa Smith\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-07 12:31 - 00000000 ____D () C:\Users\Teresa Smith\AppData\Local\Google
2015-04-01 21:12 - 2013-02-07 12:28 - 00000000 ____D () C:\Users\Teresa Smith
2015-04-01 20:52 - 2014-08-12 15:46 - 00028896 _____ () C:\Users\fabfour\Downloads\noname (2).eml
2015-04-01 20:51 - 2014-08-07 16:00 - 00028896 _____ () C:\Users\fabfour\Downloads\noname (1).eml
2015-04-01 20:51 - 2014-08-07 15:48 - 00028896 _____ () C:\Users\fabfour\Downloads\noname.eml
2015-04-01 19:35 - 2014-08-20 00:03 - 00000000 ____D () C:\Users\fabfour\Documents\Landon Video
2015-04-01 19:35 - 2014-05-23 11:35 - 00000000 ____D () C:\Users\fabfour\Documents\RESUME
2015-04-01 19:35 - 2014-02-03 03:12 - 00000000 ___SD () C:\Users\fabfour\Documents\My Data Sources
2015-04-01 19:35 - 2014-01-18 04:51 - 00000000 ____D () C:\Users\fabfour\Documents\Optimizer Pro
2015-04-01 19:35 - 2013-11-06 16:48 - 00000000 ____D () C:\Users\fabfour\Documents\Tegile
2015-04-01 19:35 - 2013-11-01 22:39 - 00000000 ____D () C:\Users\fabfour\Documents\Projects
2015-04-01 19:35 - 2013-09-09 11:02 - 00000000 ____D () C:\Users\fabfour\Documents\Orders
2015-04-01 19:34 - 2014-06-07 14:06 - 00000000 ____D () C:\Users\fabfour\Documents\HTC
2015-04-01 19:34 - 2013-09-13 20:51 - 00000000 ____D () C:\Users\fabfour\Documents\Important Docs
2015-04-01 19:33 - 2014-05-22 02:20 - 00000000 ____D () C:\Users\fabfour\Documents\from usb
2015-04-01 19:29 - 2015-01-26 23:13 - 00000000 ____D () C:\Users\fabfour\Desktop\MEMA (@MassEMA)   Twitter_files
2015-04-01 19:29 - 2014-12-21 13:55 - 00000000 ____D () C:\Users\fabfour\Desktop\returns
2015-04-01 19:29 - 2014-12-14 23:14 - 00000000 ____D () C:\Users\fabfour\AppData\Local\MetaGeek,_LLC
2015-04-01 19:29 - 2014-12-12 22:21 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Verizon
2015-04-01 19:29 - 2014-09-13 16:58 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Origin
2015-04-01 19:29 - 2014-06-13 12:45 - 00000000 ____D () C:\Users\fabfour\Documents\contracting info
2015-04-01 19:29 - 2014-06-07 14:22 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\MyPhoneExplorer
2015-04-01 19:29 - 2014-06-07 14:08 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\HTC
2015-04-01 19:29 - 2014-06-07 14:04 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Backup Assistant Plus
2015-04-01 19:29 - 2014-05-19 16:46 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\PhotoScape
2015-04-01 19:29 - 2014-05-19 01:34 - 00000000 ____D () C:\Users\fabfour\Desktop\UE
2015-04-01 19:29 - 2014-03-23 02:32 - 00000000 ____D () C:\Users\fabfour\Documents\bmm
2015-04-01 19:29 - 2014-03-12 10:43 - 00000000 ____D () C:\Users\fabfour\Desktop\things to do in mass
2015-04-01 19:29 - 2014-01-26 20:19 - 00000000 ____D () C:\Users\fabfour\Desktop\Landon
2015-04-01 19:29 - 2014-01-12 04:04 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Big Fish
2015-04-01 19:29 - 2014-01-07 20:08 - 00000000 ____D () C:\Users\fabfour\Desktop\avery
2015-04-01 19:29 - 2013-11-15 02:51 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\deskPDF Editor
2015-04-01 19:29 - 2013-09-20 08:28 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\FaxCtr
2015-04-01 19:29 - 2013-09-17 19:53 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Apple Computer
2015-04-01 19:29 - 2013-09-17 01:24 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Evernote
2015-04-01 19:29 - 2013-09-09 12:54 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\FileOpen
2015-04-01 19:29 - 2013-09-06 03:59 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Google
2015-04-01 19:29 - 2013-09-06 03:30 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Adobe
2015-04-01 19:29 - 2013-09-06 03:22 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Nitro PDF
2015-04-01 19:29 - 2011-02-24 13:03 - 00000000 ____D () C:\SWTOOLS
2015-04-01 19:28 - 2015-02-08 02:48 - 00000000 ___SD () C:\ComboFix
2015-04-01 19:28 - 2015-01-18 04:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-01 19:28 - 2014-09-13 16:57 - 00000000 ____D () C:\ProgramData\Origin
2015-04-01 19:28 - 2014-07-31 21:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-04-01 19:28 - 2013-09-27 22:42 - 00000000 ____D () C:\lexmark
2015-04-01 19:28 - 2013-09-19 23:42 - 00000000 ____D () C:\ProgramData\FaxCtr
2015-04-01 19:28 - 2013-02-26 19:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 19:28 - 2012-10-09 14:15 - 01470908 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 19:28 - 2012-10-09 14:12 - 00000000 ____D () C:\ProgramData\Corel
2015-04-01 19:28 - 2012-10-09 14:05 - 00000000 ____D () C:\ProgramData\Intel
2015-04-01 19:28 - 2012-10-09 13:53 - 00000000 ____D () C:\mfg
2015-04-01 19:28 - 2012-10-09 13:52 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-30 21:16 - 2013-09-15 19:19 - 00000000 ____D () C:\Users\fabfour\AppData\Local\CrashDumps
2015-03-13 19:21 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 19:21 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-13 11:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:36 - 2009-07-14 00:45 - 00393992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-09 17:52 - 2014-09-13 16:57 - 00000000 ____D () C:\Program Files (x86)\Origin
 
==================== Files in the root of some directories =======
 
2015-03-31 10:51 - 2015-03-31 10:51 - 0092168 _____ () C:\Users\fabfour\AppData\Roaming\1e207c0b6b8f382.xml
2015-03-31 10:51 - 2015-03-31 10:51 - 0226824 _____ () C:\Users\fabfour\AppData\Roaming\f601cd04c233e6d.xml
2015-04-01 19:29 - 2015-04-01 19:29 - 0008572 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 0045441 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-01 19:29 - 2015-04-01 19:29 - 0004226 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 0000276 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL
2013-09-06 04:12 - 2013-09-06 04:12 - 0000868 _____ () C:\Users\fabfour\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-31 10:51 - 2015-04-01 19:25 - 0000708 _____ () C:\Users\fabfour\AppData\Roaming\template.css
2015-03-31 10:51 - 2015-03-31 18:01 - 0000108 _____ () C:\Users\fabfour\AppData\Roaming\template.log
2015-04-01 19:29 - 2015-04-01 19:29 - 0008572 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 0045441 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.PNG
2015-04-01 19:29 - 2015-04-01 19:29 - 0004226 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 0000276 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL
2015-04-01 19:28 - 2015-04-01 19:28 - 0008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-01 19:28 - 2015-04-01 19:28 - 0045441 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-01 19:28 - 2015-04-01 19:28 - 0004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-01 19:28 - 2015-04-01 19:28 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-04-01 12:54 - 2013-04-01 12:54 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some content of TEMP:
====================
C:\Users\fabfour\AppData\Local\Temp\APNSetup.exe
C:\Users\fabfour\AppData\Local\Temp\bstrapInstall.exe
C:\Users\fabfour\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\fabfour\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\fabfour\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\fabfour\AppData\Local\Temp\MotoHelper_2.0.49_Driver_5.0.0.exe
C:\Users\Teresa Smith\AppData\Local\Temp\ose00000.exe
C:\Users\Teresa.Smith\AppData\Local\Temp\install_flashplayer11x32ax_aih.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SWREG.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:35
 
==================== End Of Log ============================

#2
RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP

Looks like CryptoWall. If it has not been stopped by MBAM or Trend, your data files have been encrypted and you won't be able to decrypt them. Disconnect any backup drives immediately.

 

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.


#3
freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks for helping me... all my photos are gone :( I am not having a good April Fools' Day. Some of the files in my fixlist may say they weren't found. I was just coming here to repost that I had discovered the help_decrypt files. I deleted a few, then realized I likely had an enormous problem when they were in all of my folders.

 

I have attached the files you requested and again thank you for your help.  I really appreciate it.

 

 

FIXLOG

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by fabfour at 2015-04-02 00:07:06 Run:1
Running from C:\Users\fabfour\Desktop
Loaded Profiles: fabfour (Available profiles: Teresa Smith & fabfour)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ( ())
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> DefaultScope {978D1B70-5A61-4740-9CF5-57C8DB7EB841} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...NP_enUS522US525
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {978D1B70-5A61-4740-9CF5-57C8DB7EB841} URL = http://search.findwi...k={searchTerms}
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = http://www.default-s...p={searchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-11-19] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-11-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-10]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]
U3 tmpfw; No ImagePath
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\mic\AppData\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00008572 _____ () C:\Users\fabfour\HELP_DECRYPT.HTML
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\mic\AppData\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00004226 _____ () C:\Users\fabfour\HELP_DECRYPT.TXT
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\Teresa Smith\AppData\HELP_DECRYPT.URL
2015-03-31 10:51 - 2015-03-31 10:51 - 0092168 _____ () C:\Users\fabfour\AppData\Roaming\1e207c0b6b8f382.xml
2015-03-31 10:51 - 2015-03-31 10:51 - 0226824 _____ () C:\Users\fabfour\AppData\Roaming\f601cd04c233e6d.xml
2015-04-01 19:29 - 2015-04-01 19:29 - 0008572 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 0045441 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.PNG
2015-04-01 19:29 - 2015-04-01 19:29 - 0004226 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 0000276 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 0008572 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 0045441 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.PNG
2015-04-01 19:29 - 2015-04-01 19:29 - 0004226 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 0000276 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL
2015-04-01 19:28 - 2015-04-01 19:28 - 0008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-01 19:28 - 2015-04-01 19:28 - 0045441 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-01 19:28 - 2015-04-01 19:28 - 0004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-01 19:28 - 2015-04-01 19:28 - 0000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\Local\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\mic\AppData\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\HELP_DECRYPT.URL
2015-04-01 21:12 - 2015-04-01 21:12 - 00000276 _____ () C:\Users\fabfour\HELP_DECRYPT.URL
2015-04-01 19:35 - 2015-04-01 21:01 - 00008572 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.HTML
2015-04-01 19:35 - 2015-04-01 21:01 - 00004226 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.TXT
2015-04-01 19:35 - 2015-04-01 21:01 - 00000276 _____ () C:\Users\fabfour\Documents\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00008572 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.HTML
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00004226 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.TXT
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL
2015-04-01 19:29 - 2015-04-01 19:29 - 00000276 _____ () C:\Users\fabfour\AppData\HELP_DECRYPT.URL
2015-04-01 19:28 - 2015-04-01 19:28 - 00008572 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-04-01 19:28 - 2015-04-01 19:28 - 00004226 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-04-01 19:28 - 2015-04-01 19:28 - 00000276 _____ () C:\ProgramData\HELP_DECRYPT.URL
ustomCLSID: HKU\S-1-5-21-3170475204-2998451479-513436353-1003_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\advpack.dll No File
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\bovobi => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\bovobi => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3170475204-2998451479-513436353-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-3170475204-2998451479-513436353-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{978D1B70-5A61-4740-9CF5-57C8DB7EB841}" => Key deleted successfully.
HKCR\CLSID\{978D1B70-5A61-4740-9CF5-57C8DB7EB841} => Key not found. 
"HKU\S-1-5-21-3170475204-2998451479-513436353-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
smihlp2 => Service deleted successfully.
tmpfw => Service deleted successfully.
C:\Users\Teresa.Smith\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa Smith\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa Smith\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mic\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mic\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mic\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\mic\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\fabfour\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Teresa.Smith\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa Smith\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa Smith\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\mic\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\mic\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\mic\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\mic\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\fabfour\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Teresa.Smith\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa.Smith\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa.Smith\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa.Smith\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa.Smith\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa Smith\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa Smith\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa Smith\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Teresa Smith\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\fabfour\AppData\Roaming\1e207c0b6b8f382.xml => Moved successfully.
C:\Users\fabfour\AppData\Roaming\f601cd04c233e6d.xml => Moved successfully.
C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\fabfour\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mic\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mic\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mic\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\mic\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\Users\HELP_DECRYPT.URL => Moved successfully.
C:\Users\fabfour\HELP_DECRYPT.URL => Moved successfully.
C:\Users\fabfour\Documents\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\fabfour\Documents\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\fabfour\Documents\HELP_DECRYPT.URL => Moved successfully.
"C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\fabfour\AppData\Local\HELP_DECRYPT.HTML" => File/Directory not found.
C:\Users\fabfour\AppData\HELP_DECRYPT.HTML => Moved successfully.
"C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\fabfour\AppData\Local\HELP_DECRYPT.TXT" => File/Directory not found.
C:\Users\fabfour\AppData\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\fabfour\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
"C:\Users\fabfour\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\fabfour\AppData\HELP_DECRYPT.URL => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.
ustomCLSID: HKU\S-1-5-21-3170475204-2998451479-513436353-1003_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\advpack.dll No File => Error: No automatic fix found for this entry.
 
==== End of Fixlog 00:07:07 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by fabfour (administrator) on MGVCWLT098992 on 02-04-2015 00:09:42
Running from C:\Users\fabfour\Desktop
Loaded Profiles: fabfour (Available profiles: Teresa Smith & fabfour)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(DameWare Development LLC) C:\Windows\dwrcs\DWRCS.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
( ) C:\Windows\System32\lxddcoms.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Specops Software) C:\Windows\System32\SppClient.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
(Lexmark) C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(DameWare Development) C:\Windows\dwrcs\DWRCST.EXE
(Docudesk Corporation) C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Symantec Corporation) C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Specops Password Client] => C:\Windows\system32\SppClient.exe [896088 2011-06-17] (Specops Software)
HKLM\...\Run: [lxddmon.exe] => C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-02-12] ()
HKLM\...\Run: [lxddamon] => C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-02-05] (Lexmark)
HKLM\...\Run: [LXDDCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXDDtime.dll,RunDLLEntry
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [295808 2011-02-25] (DameWare Development)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2853424 2014-03-18] (Trend Micro Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240 2007-02-12] ()
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ( ())
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {75e74f47-123b-11e2-a258-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {b3a55b87-94bb-11e3-b338-e006e6badf2c} - D:\iLinker.exe
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\...\MountPoints2: {e626bbf3-2423-11e3-9930-e006e6badf2c} - F:\setup.exe -a
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\fabfour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LENP&bmod=LENP
SearchScopes: HKU\S-1-5-21-3170475204-2998451479-513436353-1003 -> {170EC34F-489A-4E92-A140-D9EF35576EDE} URL = http://search.yahoo....petb&type=10881
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-09-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll [2013-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll [2013-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-04-25] ()
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3170475204-2998451479-513436353-1003: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-3170475204-2998451479-513436353-1003: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-10-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
 
Chrome: 
=======
CHR Profile: C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-06]
CHR Extension: (Google Drive) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-06]
CHR Extension: (YouTube) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Google Wallet) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR Extension: (Gmail) - C:\Users\fabfour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AeXAgentSrvHost; C:\Program Files\Altiris\Altiris Agent\x86\AeXNSAgentHostSurrogate32.exe [317312 2012-10-01] (Symantec Corporation)
R2 AeXNSClient; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2108800 2012-10-01] (Symantec Corporation)
S3 AltirisAgentProvider; C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe [408448 2012-10-01] (Symantec Corporation)
R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-02-06] (Research In Motion Limited) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [693632 2011-02-25] (DameWare Development LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-03-25] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1793424 2014-06-23] (Trend Micro Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-09] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [51760 2014-11-11] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-10-23] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [1998080 2014-07-24] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [927768 2013-10-14] (Trend Micro Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-12] (DameWare)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [85376 2013-08-29] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-02] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65336 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 00:06 - 2015-04-02 00:06 - 00020754 _____ () C:\Users\fabfour\Downloads\fixlist.txt
2015-04-01 23:11 - 2015-04-01 23:12 - 00043568 _____ () C:\Users\fabfour\Desktop\Addition.txt
2015-04-01 23:02 - 2015-04-01 23:03 - 00043570 _____ () C:\Users\fabfour\Downloads\Addition.txt
2015-04-01 23:01 - 2015-04-02 00:10 - 00029644 _____ () C:\Users\fabfour\Desktop\FRST.txt
2015-04-01 23:01 - 2015-04-02 00:09 - 00000000 ____D () C:\FRST
2015-04-01 23:01 - 2015-04-01 23:01 - 02095616 _____ (Farbar) C:\Users\fabfour\Desktop\FRST64.exe
2015-03-31 23:34 - 2015-03-31 23:34 - 00057328 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (3).xls
2015-03-31 23:33 - 2015-03-31 23:33 - 00057328 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (2).xls
2015-03-31 20:33 - 2015-03-31 20:33 - 00053792 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging (1).xls
2015-03-31 10:51 - 2015-04-01 19:25 - 00000708 _____ () C:\Users\fabfour\AppData\Roaming\template.css
2015-03-31 10:51 - 2015-03-31 18:01 - 00000108 _____ () C:\Users\fabfour\AppData\Roaming\template.log
2015-03-31 00:58 - 2015-03-31 00:58 - 00002848 _____ () C:\Users\fabfour\Downloads\UnbilledVoice.xls
2015-03-31 00:09 - 2015-03-31 00:09 - 00050384 _____ () C:\Users\fabfour\Downloads\UnbilledMessaging.xls
2015-03-30 21:41 - 2015-03-30 21:41 - 00009872 _____ () C:\Users\fabfour\Downloads\ASAP Invoice.zip
2015-03-30 21:07 - 2015-03-30 21:10 - 00000000 ____D () C:\Users\fabfour\AppData\Local\bovobi
2015-03-28 23:53 - 2015-03-28 23:53 - 00195360 _____ () C:\Users\fabfour\Downloads\Child-Support-Guidelines-2014.xls
2015-03-28 01:30 - 2015-03-28 10:44 - 00033344 _____ () C:\Users\fabfour\Downloads\download (12).CSV
2015-03-28 01:22 - 2015-03-28 01:22 - 00085440 _____ () C:\Users\fabfour\Downloads\download (11).CSV
2015-03-28 01:21 - 2015-03-28 01:21 - 00047872 _____ () C:\Users\fabfour\Downloads\download (10).CSV
2015-03-28 01:19 - 2015-04-01 19:35 - 00000000 ____D () C:\Users\fabfour\Documents\work info
2015-03-13 03:04 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 03:04 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 03:04 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-13 03:04 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-13 03:04 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 03:04 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 03:03 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 03:03 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-13 03:03 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-13 03:03 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-13 03:03 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-13 03:03 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-13 03:03 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-13 03:03 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-13 03:03 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-13 03:03 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-13 03:03 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-13 03:03 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-13 03:03 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-13 03:03 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-13 03:03 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-13 03:03 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-13 03:03 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-13 03:03 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-13 03:03 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-13 03:03 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-13 03:03 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-13 03:03 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-13 03:03 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-13 03:03 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-13 03:03 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-13 03:03 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-13 03:03 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-13 03:03 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 03:03 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-13 03:01 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-13 03:01 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-13 03:01 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-13 03:01 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-13 03:01 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-13 03:01 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-13 03:01 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-13 03:01 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-13 03:01 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-13 03:01 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-13 03:01 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-13 03:01 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-13 03:01 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-13 03:01 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-13 03:01 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-13 03:01 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 03:01 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 03:01 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 03:01 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 03:01 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 03:00 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-13 03:00 - 2015-02-21 15:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 03:00 - 2015-02-21 15:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 03:00 - 2015-02-21 15:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 03:00 - 2015-02-21 15:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 03:00 - 2015-02-21 14:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 03:00 - 2015-02-21 14:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 03:00 - 2015-02-21 14:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 03:00 - 2015-02-21 14:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-13 03:00 - 2015-02-21 14:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-13 03:00 - 2015-02-21 14:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-13 03:00 - 2015-02-21 14:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-13 03:00 - 2015-02-21 14:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 03:00 - 2015-02-21 14:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-13 03:00 - 2015-02-21 14:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 03:00 - 2015-02-21 14:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-13 03:00 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 03:00 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 03:00 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 03:00 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 03:00 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 03:00 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 03:00 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 03:00 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-13 03:00 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 03:00 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-13 03:00 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 03:00 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-13 03:00 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-13 03:00 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-13 03:00 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-13 03:00 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 03:00 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 03:00 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 03:00 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 03:00 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 03:00 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 23:28 - 2015-03-11 23:28 - 00089024 _____ () C:\Users\fabfour\Downloads\Hoshin_Policy_Deployment_Templates.xlsx
2015-03-07 13:05 - 2015-03-07 13:06 - 152428336 _____ (Apple Inc.) C:\Users\fabfour\Downloads\itunes6464setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-02 00:07 - 2013-09-06 03:20 - 00000000 ____D () C:\Users\fabfour
2015-04-02 00:07 - 2013-02-26 17:29 - 00000000 ____D () C:\Users\mic
2015-04-02 00:07 - 2013-02-22 14:08 - 00000000 ____D () C:\Users\Teresa.Smith
2015-04-02 00:07 - 2013-02-07 12:28 - 00000000 ____D () C:\Users\Teresa Smith
2015-04-01 23:54 - 2014-03-12 10:43 - 00000000 ____D () C:\Users\fabfour\Desktop\things to do in mass
2015-04-01 23:54 - 2014-01-26 20:19 - 00000000 ____D () C:\Users\fabfour\Desktop\Landon
2015-04-01 23:54 - 2014-01-07 20:08 - 00000000 ____D () C:\Users\fabfour\Desktop\avery
2015-04-01 23:51 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-01 23:43 - 2012-10-09 14:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 23:43 - 2012-10-09 14:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 23:06 - 2009-07-14 00:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 23:06 - 2009-07-14 00:45 - 00034208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 22:54 - 2013-04-01 00:11 - 00160332 _____ () C:\Windows\setupact.log
2015-04-01 22:50 - 2009-07-14 01:13 - 00988884 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 22:44 - 2013-09-19 23:46 - 00000000 ____D () C:\Program Files\Lx_cats
2015-04-01 22:44 - 2013-04-03 12:36 - 00103142 _____ () C:\Windows\PFRO.log
2015-04-01 22:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:09 - 2014-06-12 16:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 21:29 - 2014-03-29 16:13 - 00004391 _____ () C:\Windows\TMFilter.log
2015-04-01 21:12 - 2013-05-09 22:44 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Research In Motion
2015-04-01 21:12 - 2013-05-09 22:44 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Research In Motion
2015-04-01 21:12 - 2013-04-01 12:54 - 00000000 ____D () C:\Users\Teresa.Smith\Corel
2015-04-01 21:12 - 2013-04-01 12:54 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Corel
2015-04-01 21:12 - 2013-02-27 22:56 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Roblox
2015-04-01 21:12 - 2013-02-26 19:04 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Skype
2015-04-01 21:12 - 2013-02-26 18:59 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Apple Computer
2015-04-01 21:12 - 2013-02-26 18:59 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Apple Computer
2015-04-01 21:12 - 2013-02-26 18:52 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Local\Google
2015-04-01 21:12 - 2013-02-26 18:42 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\FileOpen
2015-04-01 21:12 - 2013-02-26 18:07 - 00000000 ___SD () C:\Users\Teresa.Smith\Documents\My Data Sources
2015-04-01 21:12 - 2013-02-26 18:06 - 00000000 ____D () C:\Users\Teresa.Smith\Documents\eFax Messenger 4.4
2015-04-01 21:12 - 2013-02-26 18:02 - 00000000 ____D () C:\Users\mic\AppData\Roaming\FileOpen
2015-04-01 21:12 - 2013-02-26 17:39 - 00000000 ____D () C:\Users\mic\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-22 14:18 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-22 14:18 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Adobe
2015-04-01 21:12 - 2013-02-22 14:11 - 00000000 ____D () C:\Users\Teresa.Smith\AppData\Roaming\Nitro PDF
2015-04-01 21:12 - 2013-02-07 12:38 - 00000000 ____D () C:\Users\Teresa Smith\AppData\Roaming\LSC
2015-04-01 21:12 - 2013-02-07 12:31 - 00000000 ____D () C:\Users\Teresa Smith\AppData\Local\Google
2015-04-01 20:52 - 2014-08-12 15:46 - 00028896 _____ () C:\Users\fabfour\Downloads\noname (2).eml
2015-04-01 20:51 - 2014-08-07 16:00 - 00028896 _____ () C:\Users\fabfour\Downloads\noname (1).eml
2015-04-01 20:51 - 2014-08-07 15:48 - 00028896 _____ () C:\Users\fabfour\Downloads\noname.eml
2015-04-01 19:35 - 2014-08-20 00:03 - 00000000 ____D () C:\Users\fabfour\Documents\Landon Video
2015-04-01 19:35 - 2014-05-23 11:35 - 00000000 ____D () C:\Users\fabfour\Documents\RESUME
2015-04-01 19:35 - 2014-02-03 03:12 - 00000000 ___SD () C:\Users\fabfour\Documents\My Data Sources
2015-04-01 19:35 - 2014-01-18 04:51 - 00000000 ____D () C:\Users\fabfour\Documents\Optimizer Pro
2015-04-01 19:35 - 2013-11-06 16:48 - 00000000 ____D () C:\Users\fabfour\Documents\Tegile
2015-04-01 19:35 - 2013-11-01 22:39 - 00000000 ____D () C:\Users\fabfour\Documents\Projects
2015-04-01 19:35 - 2013-09-09 11:02 - 00000000 ____D () C:\Users\fabfour\Documents\Orders
2015-04-01 19:34 - 2014-06-07 14:06 - 00000000 ____D () C:\Users\fabfour\Documents\HTC
2015-04-01 19:34 - 2013-09-13 20:51 - 00000000 ____D () C:\Users\fabfour\Documents\Important Docs
2015-04-01 19:33 - 2014-05-22 02:20 - 00000000 ____D () C:\Users\fabfour\Documents\from usb
2015-04-01 19:29 - 2014-12-14 23:14 - 00000000 ____D () C:\Users\fabfour\AppData\Local\MetaGeek,_LLC
2015-04-01 19:29 - 2014-12-12 22:21 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Verizon
2015-04-01 19:29 - 2014-09-13 16:58 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Origin
2015-04-01 19:29 - 2014-06-13 12:45 - 00000000 ____D () C:\Users\fabfour\Documents\contracting info
2015-04-01 19:29 - 2014-06-07 14:22 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\MyPhoneExplorer
2015-04-01 19:29 - 2014-06-07 14:08 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\HTC
2015-04-01 19:29 - 2014-06-07 14:04 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Backup Assistant Plus
2015-04-01 19:29 - 2014-05-19 16:46 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\PhotoScape
2015-04-01 19:29 - 2014-03-23 02:32 - 00000000 ____D () C:\Users\fabfour\Documents\bmm
2015-04-01 19:29 - 2014-01-12 04:04 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Big Fish
2015-04-01 19:29 - 2013-11-15 02:51 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\deskPDF Editor
2015-04-01 19:29 - 2013-09-20 08:28 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\FaxCtr
2015-04-01 19:29 - 2013-09-17 19:53 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Apple Computer
2015-04-01 19:29 - 2013-09-17 01:24 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Evernote
2015-04-01 19:29 - 2013-09-09 12:54 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\FileOpen
2015-04-01 19:29 - 2013-09-06 03:59 - 00000000 ____D () C:\Users\fabfour\AppData\Local\Google
2015-04-01 19:29 - 2013-09-06 03:30 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Adobe
2015-04-01 19:29 - 2013-09-06 03:22 - 00000000 ____D () C:\Users\fabfour\AppData\Roaming\Nitro PDF
2015-04-01 19:29 - 2011-02-24 13:03 - 00000000 ____D () C:\SWTOOLS
2015-04-01 19:28 - 2015-02-08 02:48 - 00000000 ___SD () C:\ComboFix
2015-04-01 19:28 - 2015-01-18 04:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-01 19:28 - 2014-09-13 16:57 - 00000000 ____D () C:\ProgramData\Origin
2015-04-01 19:28 - 2014-07-31 21:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-04-01 19:28 - 2013-09-27 22:42 - 00000000 ____D () C:\lexmark
2015-04-01 19:28 - 2013-09-19 23:42 - 00000000 ____D () C:\ProgramData\FaxCtr
2015-04-01 19:28 - 2013-02-26 19:03 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 19:28 - 2012-10-09 14:15 - 01470908 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 19:28 - 2012-10-09 14:12 - 00000000 ____D () C:\ProgramData\Corel
2015-04-01 19:28 - 2012-10-09 14:05 - 00000000 ____D () C:\ProgramData\Intel
2015-04-01 19:28 - 2012-10-09 13:53 - 00000000 ____D () C:\mfg
2015-04-01 19:28 - 2012-10-09 13:52 - 00000000 ____D () C:\ProgramData\Lenovo
2015-03-30 21:16 - 2013-09-15 19:19 - 00000000 ____D () C:\Users\fabfour\AppData\Local\CrashDumps
2015-03-13 19:21 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-13 19:21 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-13 11:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:36 - 2009-07-14 00:45 - 00393992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-09 17:52 - 2014-09-13 16:57 - 00000000 ____D () C:\Program Files (x86)\Origin
 
==================== Files in the root of some directories =======
 
2013-09-06 04:12 - 2013-09-06 04:12 - 0000868 _____ () C:\Users\fabfour\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-31 10:51 - 2015-04-01 19:25 - 0000708 _____ () C:\Users\fabfour\AppData\Roaming\template.css
2015-03-31 10:51 - 2015-03-31 18:01 - 0000108 _____ () C:\Users\fabfour\AppData\Roaming\template.log
2013-04-01 12:54 - 2013-04-01 12:54 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some content of TEMP:
====================
C:\Users\fabfour\AppData\Local\Temp\APNSetup.exe
C:\Users\fabfour\AppData\Local\Temp\bstrapInstall.exe
C:\Users\fabfour\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\fabfour\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\fabfour\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\fabfour\AppData\Local\Temp\MotoHelper_2.0.49_Driver_5.0.0.exe
C:\Users\Teresa Smith\AppData\Local\Temp\ose00000.exe
C:\Users\Teresa.Smith\AppData\Local\Temp\install_flashplayer11x32ax_aih.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SWREG.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 00:35
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by fabfour at 2015-04-02 00:10:53
Running from C:\Users\fabfour\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Client/Server Security Agent Antivirus (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Altiris Agent Install Service (x32 Version: 7.0.0.1 - Altiris Inc.) Hidden
Altiris Inventory Agent (x32 Version: 7.1.7858.0 - Altiris Inc.) Hidden
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlackBerry Device Software Updater (HKLM-x32\...\{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}) (Version: 7.1.0.89 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version:  - Docudesk)
deskUNPDF Converter 2012 (HKLM-x32\...\deskUNPDF Converter 2012) (Version: 4.0.0 - Docudesk)
deskUNPDF Converter 2012 (x32 Version: 4.0.0 - Docudesk) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Evernote v. 5.0.1 (HKLM-x32\...\{16FAE17E-1B3E-11E3-B23E-984BE15F174E}) (Version: 5.0.1.1188 - Evernote Corp.)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Lexmark 2500 Series (HKLM\...\Lexmark 2500 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MotoHelper 2.0.49 Driver  (HKLM-x32\...\MotoHelper) (Version: 2.0.49 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Patch Management Agent (Version: 7.1.7858.0 - Altiris) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.2.1 - ShopAtHome.com) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.2 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.2.106 - Skype Technologies S.A.)
Software Management Solution Plugin (Version: 7.1.7858.0 - Altiris Inc.) Hidden
Specops Password Client (x64) (HKLM\...\{73563738-6080-4193-9CCD-C670631590CB}) (Version: 4.5.10617.1 - Specops Software)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.1.1087 - Trend Micro)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.68.0 - Verizon)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3170475204-2998451479-513436353-1003_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3170475204-2998451479-513436353-1003_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3170475204-2998451479-513436353-1003_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\advpack.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {099A83E7-4900-4B02-AE4A-D334A99B3E45} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {2DE8F351-C662-40FC-A2C3-B0A74D7B76AA} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for MGVCWLT098992.fabfour => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {39D8FFA0-5655-4248-A4F4-4168870B2815} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {3F26DFBE-DCDC-422C-8F57-B5FC29E5DF74} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {4727BE1F-F414-4A6F-97E1-11ED89282049} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {5A0B7852-45EE-49D3-B898-988A000DB761} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {5A589650-03A9-46A5-A033-25332BB39340} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)
Task: {6B386D81-E457-42A6-9048-5A02D500B47C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {82719C1B-2C33-4B1D-B0B6-D0DC8DE17E41} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {870F3A67-E176-4EF6-94AF-773F0D9EE42D} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {9D959F21-57C8-438C-BA24-49E3451E6A79} - System32\Tasks\{70AAC262-FDFB-4947-887C-214F390B2ED3} => pcalua.exe -a "C:\Program Files (x86)\Nitro PDF\Professional 7\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro PDF\Professional 7" -c /UninstallWordAddin 1
Task: {9F27FFA6-6CCD-4360-B220-0DA43BDAE324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A32702C1-808E-483C-B23A-6F2E1BBCF40A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ABBD6564-48F6-43AA-968F-CF910CC315B6} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BA2F586F-9168-41E7-BC0A-F3DA4DC93975} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {CC55A7A0-8552-4E15-8C35-25B9FD7D9CDA} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {CDE27664-869F-49A9-953E-A74BD118CBA5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CE41E384-0280-4379-BE27-74D8DC00DF58} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {D1CBCCBA-3377-41F6-A5D3-9F91B24FA45A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {DA2056A4-FA9A-45D0-849F-B8B27476B21C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {EC2637C8-7815-4D59-8030-3226CD6C0C58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ED016E8D-74D2-49DD-873D-676DED8329A9} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-03-25] ()
Task: {F53F7617-BB42-44C7-A6AD-92C07F578EDD} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for US.Teresa.Smith => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {FAAD4B5A-55CE-4FE1-8B7F-50D18810BFDE} - System32\Tasks\{E2DFE393-0035-49C3-A5F2-314B410B53EF} => pcalua.exe -a "C:\Program Files (x86)\Nitro PDF\Professional 7\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro PDF\Professional 7" -c /UninstallPowerPointAddin 1
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-11-15 02:51 - 2013-06-17 17:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2013-03-01 14:45 - 2012-09-18 19:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2013-09-19 23:43 - 2007-02-02 05:18 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL
2013-09-19 23:42 - 2006-11-07 19:02 - 00036864 _____ () C:\Windows\System32\LXF3OEM.DLL
2013-09-19 23:42 - 2007-02-02 05:14 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2013-09-19 23:42 - 2007-02-02 05:22 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL
2013-03-01 14:45 - 2012-09-18 19:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-19 23:45 - 2007-02-27 05:20 - 00125952 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdddrpp.dll
2011-03-25 15:22 - 2011-03-25 15:22 - 00223088 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-12-28 05:33 - 2012-12-28 05:33 - 00094240 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
2012-10-09 14:11 - 2012-05-15 17:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2006-12-22 13:45 - 2006-12-22 13:45 - 01302016 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxddptpc.dll
2007-01-18 10:15 - 2007-02-27 05:22 - 00169984 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\lxdddrui.dll
2013-03-01 14:45 - 2012-09-18 19:27 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2013-03-01 14:45 - 2012-09-18 19:27 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2012-10-09 14:09 - 2012-03-19 02:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 23:40 - 2007-02-12 19:58 - 00291760 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
2011-03-25 15:21 - 2011-03-25 15:21 - 00673648 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-10-09 14:09 - 2012-03-20 22:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-09-13 16:53 - 2009-10-23 12:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-09 14:11 - 2011-08-02 07:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2012-10-09 14:11 - 2011-08-02 07:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-06-07 14:04 - 2008-12-19 18:26 - 02625536 _____ () C:\Program Files (x86)\ffdshow\ffdshow.ax
2013-09-19 23:40 - 2007-01-10 01:10 - 00278528 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll
2013-09-19 23:39 - 2007-02-01 22:41 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll
2013-09-19 23:39 - 2006-12-28 19:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll
2013-09-19 23:40 - 2007-02-05 19:34 - 00040960 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
2013-09-19 23:40 - 2007-02-05 19:34 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
2013-09-19 23:40 - 2007-02-05 19:32 - 00057344 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
2013-09-19 23:40 - 2007-02-05 19:32 - 00024576 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
2013-09-19 23:40 - 2007-01-24 14:53 - 00011776 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2013-09-11 16:05 - 2013-09-11 16:05 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-11 16:04 - 2013-09-11 16:04 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-09 14:17 - 2013-07-18 18:30 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-09 14:17 - 2013-07-18 18:31 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-10-09 14:08 - 2012-02-20 23:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-03-21 04:55 - 2015-03-14 06:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 04:55 - 2015-03-14 06:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 04:56 - 2015-03-14 06:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\fabfour\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\fabfour\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\fabfour\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3170475204-2998451479-513436353-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\fabfour\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: iPod Service => 3
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3170475204-2998451479-513436353-500 - Administrator - Disabled)
fabfour (S-1-5-21-3170475204-2998451479-513436353-1003 - Administrator - Enabled) => C:\Users\fabfour
Guest (S-1-5-21-3170475204-2998451479-513436353-501 - Limited - Enabled)
Teresa Smith (S-1-5-21-3170475204-2998451479-513436353-1000 - Administrator - Enabled) => C:\Users\Teresa Smith
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/01/2015 10:44:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/01/2015 10:44:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:38:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/01/2015 09:36:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:01:21 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (04/01/2015 09:01:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/01/2015 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 07:35:49 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (8772) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after Windows0 seconds with system error 1450 (0x000005aa): "".  The write operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/01/2015 07:35:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/01/2015 07:35:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (04/01/2015 10:44:28 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (04/01/2015 10:44:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: 
%%2
 
Error: (04/01/2015 10:44:17 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/01/2015 09:36:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (04/01/2015 09:36:22 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/01/2015 09:36:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: 
%%2
 
Error: (04/01/2015 08:41:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (04/01/2015 08:41:42 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/01/2015 08:41:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error: 
%%2
 
Error: (04/01/2015 07:35:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly.  It has done this 3 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/01/2015 10:44:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (04/01/2015 10:44:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:38:50 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (04/01/2015 09:36:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 09:01:21 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (04/01/2015 09:01:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (04/01/2015 08:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/01/2015 07:35:49 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows8772Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log0 (0x0000000000000000)1048576 (0x00100000)-1011 (0xfffffc0d)1450 (0x000005aa)0
 
Error: (04/01/2015 07:35:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Windows\system32\credui.dllC:\Windows\system32\credui.dll0
 
Error: (04/01/2015 07:35:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Windows\system32\credui.dllC:\Windows\system32\credui.dll0
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-13 19:44:42.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-09 19:20:14.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-23 16:51:11.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 17:00:40.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-19 08:57:59.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 14:41:23.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 14:28:07.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 14:26:54.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-18 14:23:52.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-01-17 11:34:43.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 72%
Total physical RAM: 3819.96 MB
Available physical RAM: 1049.61 MB
Total Pagefile: 7638.11 MB
Available Pagefile: 3826.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:144.54 GB) (Free:8.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: C7DBE6AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=144.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=84)
 
==================== End Of Log ============================
 
 

  • 0

#4
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

forgot to add that I do not need the Teresa user profile if that makes it easier


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP

This one is not cooperating.  We can try one more time with FRST then we need to try something else.

 

If these are still present in a new FRST scan

 




HKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HHKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
HKLM\...\Policies\Explorer\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ( ())
C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe
 

 

 

(bovobi.exe is the malware.)
 
 

After running the FRST Fix with this fixlist then let's try Combofix:

 

ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
:!: Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right-click on ComboFix and select Run As Administrator to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
Let's also try:
aswMBR:
 

Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
Don't expect Combofix or aswMBR to remove the bug.  They are just to show me how it is working so we can remove it with a special script.
 
The last one of these I worked on was actually a poweliks infection and the ESET tool here:
 
 
fixed it so you might try it too.  It can't hurt.
 
 

 

We may have to burn a CD and boot from the CD in order to get rid of it.

 

It's bedtime for me.  1 AM here.


  • 0
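A triage sketch for the FRST lines quoted in post #5 above, added here as an example (it is not part of the thread or of FRST itself). It assumes the autorun line layout seen in those quotes; the `ExampleUpdater` line is constructed for contrast, and `SECURITY_PRODUCTS` lists only the two vendors named in the quoted policy lines.

```python
import re
from collections import Counter

# Layout assumed from the lines quoted in the thread:
#   HIVE\...\Run: [name] => image path [size date] (company)
AUTORUN = re.compile(
    r"^(?P<hive>HK\w+(?:-x32)?)\\(?P<key>.*?Run(?:Once)?): \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$")
RESTRICTION = re.compile(
    r"^HKLM Group Policy restriction on software: (?P<target>.+?)(?: <=+ ATTENTION)?$")
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
SECURITY_PRODUCTS = ("mcafee", "malwarebytes")  # assumption: vendors named in the thread

# Four lines copied from post #5, plus one constructed benign entry (ExampleUpdater).
SAMPLE = r"""
HKLM-x32\...\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [bovobi] => C:\Users\fabfour\AppData\Local\bovobi\bovobi.exe [349744 2015-03-30] ( ())
HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [120000 2014-11-02] (Example Corp)
"""

def triage(log_text):
    """Return (findings, blocked): suspicious autoruns and blocked security-tool paths."""
    entries, blocked = [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = AUTORUN.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = RESTRICTION.match(line)
        if m and any(p in m["target"].lower() for p in SECURITY_PRODUCTS):
            blocked.append(m["target"])
    # The same image registered under several autorun keys is redundant persistence.
    seen = Counter(e["path"].lower() for e in entries)
    findings = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e["path"]):
            reasons.append("image in user-writable AppData")
        if not e["company"].strip(" ()"):
            reasons.append("no company name")
        if seen[e["path"].lower()] > 1:
            reasons.append("registered under %d autorun keys" % seen[e["path"].lower()])
        if "Policies\\Explorer\\Run" in e["key"]:
            reasons.append("policy-based Run key")
        if reasons:
            findings.append((e["hive"] + "\\" + e["key"], e["name"], e["path"], reasons))
    return findings, blocked

if __name__ == "__main__":
    found, blocked_paths = triage(SAMPLE)
    for key, name, path, reasons in found:
        print("%s [%s] -> %s\n    %s" % (key, name, path, "; ".join(reasons)))
    for target in blocked_paths:
        print("software restriction policy targets security tool: " + target)
```
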

#6
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Will do this now. I had to go to bed - worked today just getting home.  I really appreciate this help.


  • 0

#7
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi - I ran the first part of your instructions and when the computer rebooted it made things worse.  When I opened explorer to see my file structure I could no longer see any folders on the left.  Favorites and something else were listed but there were icons next to them instead of the usual file structure.  

 

If my files are all gone is it easier to just wipe it clean and start over.  The files are the only thing I cared about.  I believe I have the copy of windows....please advise.  I am running in safe mode now ....... 

 

This could not have happened to me at a worse time for personal reasons..  I need to have a computer that I feel safe storing things on - I will have to cry about all my pictures later.  Hard lesson which was self inflicted.

 

Thanks again for your help and advice.  


  • 0

#8
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

oops


  • 0

#9
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I was wrong - don't have it.  


  • 0

#10
freeatlast

freeatlast

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I am going to have this wiped - likely go buy a cheap one as again - really bad time for this to happen and I need to have a computer. Can you please tell me what the best program(s) are to routinely have on a machine that children use and could mistakenly click  on something bad like this again.  A recommendation would be greatly appreciated.  

 

Thanks for helping me. 


  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP

Do you have the Fix log?

 

In the search box type:

 

regedit.exe

 

and hit enter

 

Navigate to:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer and under Explorer find Run.  Right click on it and Delete.  If it won't let you then you need to take ownership of the key:

 

http://www.howtogeek...y-in-windows-7/

 

and then give yourself Full Control of the key.


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP

For children, make sure you have a password (with at least 8 characters)  on your admin account (and don't give it to the kids).  Create a second login which does not have admin rights and let the kids use that.  That will minimize the damage they can do since they will have to come to you to install a new program.  Remove Java from the PC and keep Flash up-to-date or better yet use Google Chrome which has its own version of flash and updates it automatically.   There is a program called Cryptoprevent which may help.

 

 
The free version does not update on its own so you should check for updated versions once in a while.
 
It's gotten a bit too aggressive recently so it may cause problems (AVG scans won't work with Cryptoprevent) in which case you can uninstall it like any other program.
 
Backup software with an external drive is a good idea but do not leave the external drive connected (or have two and alternate them weekly).  The infection you had would happily encrypt the backed up files too.
 
The free Avast is good enough for most people but if you want to pay for an antivirus then get Kaspersky.  We very seldom see a PC with Kaspersky in the malware forum.  (McAfee, Symantec and Microsoft Security Essentials are the three we see most often.)

  • 0





