
Virus/Malware pop up redirect

popoptionalspigot malware virus


#1
daniel.karakas


Hi,

I am running on Windows 7.

I downloaded a popup, redirect virus; Malwarebytes calls it pup optional spigot.

I ran ADWCleaner, JRT, Malwarebytes and then HitmanPro. But nothing, still have it.

Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by dale (administrator) on ASM52A2200 on 02-04-2015 17:51:12
Running from C:\Users\dale\Desktop
Loaded Profiles: dale (Available profiles: dale)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\skypemoticons\se.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\skypemoticons\se.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\skypemoticons\se.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000 -> {713ED581-7996-40FF-9790-10A2535A9D70} URL = https://search.yahoo...p={searchTerms}
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: iFinger plugin / Browser helper object -> {A114D52B-870C-4F15-8021-B6D7F91A054B} -> C:\Program Files (x86)\iFinger\plugins\IE.ifp [2001-07-09] (iFinger Ltd)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} http://24.80.232.13:81/NetViewX.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...?rnd=1069883935
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-03-28] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll [1999-06-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.92 64.59.150.138

FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://www.google.c...TBfTU-AOH_4DoAg
FF Keyword.URL: https://search.yahoo...&type=501549&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll [2013-12-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll [2013-12-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll [2011-03-16] (Alcatel-Lucent)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @talk.google.com/O1DPlugin -> C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: Mozilla Firefox Hotfixer - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\[email protected] [2015-04-01]
FF Extension: Zoom It - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\{ba9c838b-9425-ba29-a946-8aeafb453904} [2015-04-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-21]

Chrome:
=======
CHR HomePage: Default -> https://ca.search.ya...49&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://ca.search.ya...9&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...d={searchTerms}
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-02] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-03-16] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-05-05] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] () [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies) [File not signed]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies) [File not signed]
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:51 - 2015-04-02 17:51 - 00031195 _____ () C:\Users\dale\Desktop\FRST.txt
2015-04-02 17:47 - 2015-04-02 17:48 - 00035183 _____ () C:\Users\dale\Downloads\Addition.txt
2015-04-02 17:44 - 2015-04-02 17:48 - 00069389 _____ () C:\Users\dale\Downloads\FRST.txt
2015-04-02 17:30 - 2015-04-02 17:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-02 17:18 - 2015-04-02 17:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-02 17:18 - 2015-04-02 17:18 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-02 17:18 - 2015-04-02 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-02 17:18 - 2015-04-02 17:18 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-02 17:03 - 2015-04-02 17:03 - 02095616 _____ (Farbar) C:\Users\dale\Desktop\FRST64.exe
2015-04-02 17:02 - 2015-04-02 17:03 - 01135104 _____ (Farbar) C:\Users\dale\Downloads\FRST.exe
2015-04-02 16:43 - 2015-04-02 16:43 - 00002744 _____ () C:\Users\dale\Desktop\JRT.txt
2015-04-02 16:36 - 2015-04-02 16:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASM52A2200-Windows-7-Professional-(64-bit).dat
2015-04-02 16:36 - 2015-04-02 16:36 - 00000000 ____D () C:\RegBackup
2015-04-02 16:22 - 2015-04-02 16:32 - 00000000 ____D () C:\AdwCleaner
2015-04-02 16:15 - 2015-04-02 16:17 - 11028616 _____ (SurfRight B.V.) C:\Users\dale\Downloads\HitmanPro_x64.exe
2015-04-02 16:15 - 2015-04-02 16:16 - 10109856 _____ (SurfRight B.V.) C:\Users\dale\Downloads\HitmanPro.exe
2015-04-02 16:10 - 2015-04-02 16:10 - 02690981 _____ (Thisisu) C:\Users\dale\Downloads\JRT.exe
2015-04-02 16:09 - 2015-04-02 16:09 - 02208768 _____ () C:\Users\dale\Downloads\adwcleaner_4.200.exe
2015-04-02 07:33 - 2015-04-02 07:53 - 99151159 _____ () C:\Users\dale\Downloads\Archer.2009.S06E06.HDTV.x264-KILLERS.mp4
2015-04-02 07:26 - 2015-04-02 07:40 - 113882245 _____ () C:\Users\dale\Downloads\Archer.2009.S06E05.HDTV.x264-KILLERS.mp4
2015-04-02 07:24 - 2015-04-02 07:39 - 133172697 _____ () C:\Users\dale\Downloads\Archer.2009.S06E04.HDTV.x264-KILLERS.mp4
2015-04-02 07:23 - 2015-04-02 07:52 - 344981073 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E02.HDTV.x264-KILLERS.mp4
2015-04-02 07:23 - 2015-04-02 07:50 - 302652721 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E03.HDTV.x264-KILLERS.mp4
2015-04-02 07:23 - 2015-04-02 07:38 - 126279515 _____ () C:\Users\dale\Downloads\Archer.2009.S06E01.HDTV.x264-KILLERS.mp4
2015-04-02 07:23 - 2015-04-02 07:37 - 143492634 _____ () C:\Users\dale\Downloads\Archer.2009.S06E03.HDTV.x264-KILLERS.mp4
2015-04-02 07:22 - 2015-04-02 07:52 - 514827230 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E01.HDTV.x264-KILLERS.mp4
2015-04-02 07:22 - 2015-04-02 07:32 - 112041498 _____ () C:\Users\dale\Downloads\Archer.2009.S06E02.HDTV.x264-KILLERS.mp4
2015-04-01 21:00 - 2015-04-01 21:00 - 00044632 _____ () C:\Users\dale\Downloads\american-sniper_english-1085497.zip
2015-04-01 20:02 - 2015-04-01 20:36 - 325694258 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E04.HDTV.x264-KILLERS.mp4
2015-04-01 20:01 - 2015-04-01 20:53 - 378836802 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E08.HDTV.x264-KILLERS.mp4
2015-04-01 20:01 - 2015-04-01 20:23 - 308903326 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E05.HDTV.x264-KILLERS.mp4
2015-04-01 20:00 - 2015-04-01 20:22 - 291836848 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E07.HDTV.x264-KILLERS.mp4
2015-04-01 20:00 - 2015-04-01 20:21 - 276387498 _____ () C:\Users\dale\Downloads\Boardwalk.Empire.S05E06.HDTV.x264-KILLERS.mp4
2015-04-01 19:50 - 2015-04-01 19:50 - 00107587 _____ () C:\Users\dale\Downloads\[kickass.to]3.nights.in.the.desert.2014.hdrip.xvid.ac3.evo.torrent
2015-03-30 21:51 - 2015-03-30 21:51 - 00072387 _____ () C:\Users\dale\Downloads\[kickass.to]american.idol.s14e22.hdtv.x264.w4f.ettv.torrent
2015-03-30 21:51 - 2015-03-30 21:51 - 00035970 _____ () C:\Users\dale\Downloads\[kickass.to]american.idol.s14e22.hdtv.x264.w4f.eztv.torrent
2015-03-28 09:50 - 2015-03-29 19:48 - 00000000 ____D () C:\Users\dale\Downloads\Maná [Mi Verdad Ft. Shakira] 2015 WEB-DL-MP3 320Kbps [Single] URBiN4HD
2015-03-27 13:51 - 2015-03-27 16:32 - 00000000 ____D () C:\Users\dale\Downloads\f(x) Vol. 2 - Pink Tape
2015-03-27 09:08 - 2015-03-28 09:49 - 00000000 ____D () C:\Users\dale\Desktop\Baby Shower M
2015-03-26 07:55 - 2015-03-27 09:21 - 00000000 ____D () C:\Users\dale\Desktop\BEBEL 2015
2015-03-26 07:49 - 2015-03-26 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-26 07:46 - 2015-03-26 07:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-26 07:46 - 2015-03-26 07:46 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-26 07:44 - 2015-03-26 07:55 - 00000000 ____D () C:\Users\dale\AppData\Roaming\DVDVideoSoft
2015-03-26 07:38 - 2015-03-26 07:38 - 00000000 ____D () C:\tmp
2015-03-26 07:12 - 2015-04-02 17:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 07:11 - 2015-03-26 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 07:11 - 2015-03-26 07:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 07:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-26 07:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 16:27 - 2015-03-25 16:29 - 00000000 ____D () C:\Users\dale\Downloads\Snow Tha Product - Good Nights & Bad Mornings 2 (The Hangover)-2013-MIXFIEND
2015-03-25 14:42 - 2015-03-25 14:42 - 00000000 ____D () C:\Users\dale\Downloads\Bebel Gilberto
2015-03-25 13:09 - 2015-03-25 13:54 - 00000000 ____D () C:\Users\dale\Desktop\YOU TUBE DOWN LOADS
2015-03-25 00:11 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:11 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 15:08 - 2015-03-23 15:10 - 00000000 ____D () C:\Users\dale\Desktop\Consonant Clusters
2015-03-22 19:55 - 2015-03-22 19:55 - 00000000 ____D () C:\Users\dale\Documents\Fax
2015-03-22 16:15 - 2015-03-23 16:54 - 00000000 ____D () C:\Users\dale\Desktop\Housing
2015-03-21 23:33 - 2015-03-21 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-21 15:25 - 2015-03-21 17:08 - 00000000 ____D () C:\Users\dale\Desktop\GRAMMAR TOEF
2015-03-20 17:30 - 2015-03-20 18:19 - 00000000 ____D () C:\Users\dale\Desktop\New folder
2015-03-20 09:41 - 2015-03-20 09:47 - 00000000 ____D () C:\Users\dale\Desktop\NEW RESOURCES
2015-03-18 14:53 - 2015-03-18 14:54 - 00000000 ____D () C:\Users\dale\AppData\Roaming\AdvertismentImages
2015-03-17 08:03 - 2015-03-17 08:03 - 02341376 _____ () C:\Users\dale\Downloads\adjective-clauses-mod.ppt
2015-03-17 08:03 - 2015-03-17 08:03 - 01769472 _____ () C:\Users\dale\Downloads\Adjective_Clauses_mod.ppt
2015-03-17 08:01 - 2015-03-17 08:01 - 02164224 _____ () C:\Users\dale\Downloads\st-patrick.ppt
2015-03-14 10:41 - 2015-03-15 16:13 - 00000000 ____D () C:\Users\dale\Desktop\Relative Pronouns
2015-03-12 08:24 - 2015-03-12 08:24 - 00000000 ____D () C:\Users\dale\Tracing
2015-03-11 02:39 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 02:39 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 02:39 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 02:39 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 02:39 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 02:39 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 02:39 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 02:39 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 02:39 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 02:39 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 02:39 - 2015-02-02 20:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 02:39 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 02:39 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 02:39 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 02:39 - 2015-02-02 20:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 02:39 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 02:39 - 2015-02-02 20:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 02:39 - 2015-02-02 20:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 02:39 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 02:39 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 02:39 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 02:39 - 2015-02-02 20:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 02:39 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 02:39 - 2015-02-02 20:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 02:39 - 2015-02-02 20:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 02:39 - 2015-02-02 20:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 02:39 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 02:39 - 2015-02-02 20:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 02:39 - 2015-02-02 20:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 02:39 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 02:39 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 02:39 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 02:39 - 2015-02-02 20:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 02:39 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 02:39 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 02:38 - 2015-03-05 22:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 02:38 - 2015-03-05 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 02:38 - 2015-03-05 22:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 02:38 - 2015-03-05 22:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 02:38 - 2015-03-05 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 02:38 - 2015-03-05 22:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 02:38 - 2015-03-05 22:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 02:38 - 2015-03-05 22:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 02:38 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 02:38 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 02:38 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 02:38 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 02:38 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 02:38 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 02:37 - 2015-03-05 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 02:37 - 2015-03-05 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 02:37 - 2015-03-05 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 02:37 - 2015-03-05 22:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 02:37 - 2015-03-05 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 02:37 - 2015-03-05 22:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 02:37 - 2015-03-05 22:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 02:37 - 2015-03-05 22:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 02:37 - 2015-03-05 22:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 02:37 - 2015-03-05 22:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 02:37 - 2015-03-05 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 02:37 - 2015-03-05 22:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 02:37 - 2015-03-05 22:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 02:37 - 2015-03-05 22:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 02:37 - 2015-03-05 22:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 02:37 - 2015-03-05 22:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 02:37 - 2015-03-05 22:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 02:37 - 2015-02-25 20:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 02:37 - 2015-02-23 20:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 02:37 - 2015-02-23 19:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 02:37 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 02:37 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 02:37 - 2015-02-20 17:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 02:37 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 02:37 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 02:37 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 02:37 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 02:37 - 2015-02-19 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 02:37 - 2015-02-19 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 02:37 - 2015-02-19 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 02:37 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 02:37 - 2015-02-19 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 02:37 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 02:37 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 02:37 - 2015-02-19 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 02:37 - 2015-02-19 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 02:37 - 2015-02-19 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 02:37 - 2015-02-19 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 02:37 - 2015-02-19 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 02:37 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 02:37 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 02:37 - 2015-02-19 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 02:37 - 2015-02-19 19:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 02:37 - 2015-02-19 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 02:37 - 2015-02-19 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 02:37 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 02:37 - 2015-02-19 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 02:37 - 2015-02-19 19:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 02:37 - 2015-02-19 19:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 02:37 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 02:37 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 02:37 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 02:37 - 2015-02-19 19:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 02:37 - 2015-02-19 19:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 02:37 - 2015-02-19 18:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 02:37 - 2015-02-19 18:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 02:37 - 2015-02-19 18:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 02:37 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 02:37 - 2015-02-19 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 02:37 - 2015-02-19 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 02:37 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 02:37 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 02:37 - 2015-02-19 18:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 02:37 - 2015-02-19 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 02:37 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 02:37 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 02:37 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 02:37 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 02:37 - 2015-02-19 18:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 02:37 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 02:37 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 02:37 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 02:37 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 02:37 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 02:37 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 02:37 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 02:37 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 02:37 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 02:36 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 02:36 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-08 11:25 - 2015-03-08 11:35 - 00000000 ____D () C:\Users\dale\Desktop\ESL Canada
2015-03-04 19:52 - 2015-03-04 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Real Husbands Of Hollywood Season 2
2015-03-04 09:46 - 2015-03-04 09:46 - 00000000 ____D () C:\Users\dale\Desktop\GNW
2015-03-03 13:03 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 13:03 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 13:03 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 13:03 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 17:51 - 2014-03-22 12:22 - 00000000 ____D () C:\FRST
2015-04-02 17:45 - 2009-07-13 21:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 17:45 - 2009-07-13 21:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 17:43 - 2009-07-13 22:13 - 00879302 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 17:41 - 2011-04-16 10:53 - 01955525 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 17:37 - 2014-04-02 14:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 17:36 - 2014-05-27 20:33 - 00147600 _____ () C:\Windows\setupact.log
2015-04-02 17:36 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-02 17:22 - 2014-04-02 14:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 17:18 - 2012-05-05 02:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 17:13 - 2011-06-10 07:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
2015-04-02 16:36 - 2012-06-25 13:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2015-04-02 16:33 - 2014-04-03 15:21 - 00034686 _____ () C:\Windows\PFRO.log
2015-04-02 16:20 - 2014-02-05 08:19 - 00000000 ____D () C:\Windows\Temp26F340E2-F1B0-67F0-F428-F7378A04BB34-Signatures
2015-04-02 16:19 - 2014-05-14 13:10 - 00000000 ____D () C:\Users\dale\AppData\Roaming\uTorrent
2015-04-02 16:11 - 2012-07-20 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2015-04-02 13:36 - 2012-06-25 13:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2015-04-02 13:13 - 2011-06-10 07:38 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
2015-04-02 12:49 - 2012-05-29 19:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2015-04-01 22:11 - 2012-07-20 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2015-03-30 15:29 - 2011-06-05 17:45 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 19:31 - 2013-08-27 19:35 - 00000000 ____D () C:\Users\dale\Desktop\nEW mOVIES
2015-03-28 09:49 - 2014-07-30 08:15 - 00000000 ____D () C:\Users\dale\Desktop\Music Mix
2015-03-27 09:46 - 2014-12-30 22:16 - 00000000 ____D () C:\Users\dale\Desktop\mUSIC 2014
2015-03-27 07:19 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2015-03-27 07:19 - 2012-05-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 21:26 - 2013-02-12 10:26 - 00000000 ____D () C:\Users\dale\Desktop\TV
2015-03-26 07:11 - 2013-11-04 19:45 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Malwarebytes
2015-03-26 07:11 - 2013-11-04 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 07:34 - 2014-12-11 09:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 07:34 - 2014-05-07 07:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 13:22 - 2013-06-04 16:53 - 00000000 ____D () C:\Users\dale\Desktop\MARTIN
2015-03-24 13:21 - 2012-06-03 18:56 - 00000000 ____D () C:\Users\dale\Geessy Docs
2015-03-23 07:17 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 16:49 - 2014-09-28 12:52 - 00000000 ____D () C:\Users\dale\Desktop\ESL GRAMMAR BOOKS
2015-03-20 09:51 - 2014-04-01 13:11 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-20 09:40 - 2014-04-01 13:11 - 00000000 ___RD () C:\Users\dale\Documents\MAGIX
2015-03-20 09:34 - 2014-07-29 17:05 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-14 10:37 - 2012-06-04 14:41 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2015-03-12 08:24 - 2014-09-18 07:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-12 08:24 - 2011-04-16 10:53 - 00000000 ____D () C:\Users\dale
2015-03-12 08:23 - 2012-05-29 19:44 - 00000000 ____D () C:\ProgramData\Skype
2015-03-11 18:36 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 05:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 03:48 - 2012-05-29 15:44 - 00000000 ___RD () C:\Users\dale\Virtual Machines
2015-03-11 03:47 - 2009-07-13 21:45 - 00429608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:26 - 2011-04-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:26 - 2009-07-13 19:34 - 00000603 _____ () C:\Windows\win.ini
2015-03-11 03:17 - 2013-08-25 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:07 - 2011-05-28 08:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 10:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 06:17 - 2011-04-16 11:15 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-05-06 07:11 - 2014-07-29 21:18 - 0024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2011-05-21 08:09 - 2012-05-29 21:30 - 0002021 _____ () C:\Users\dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

Some content of TEMP:
====================
C:\Users\dale\AppData\Local\Temp\flacdec2.exe
C:\Users\dale\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe
C:\Users\dale\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\dale\AppData\Local\Temp\Quarantine.exe
C:\Users\dale\AppData\Local\Temp\SkypeSetup.exe
C:\Users\dale\AppData\Local\Temp\sqlite3.dll
C:\Users\dale\AppData\Local\Temp\wpsetup.exe
C:\Users\dale\AppData\Local\Temp\zipsetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 09:06

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by dale at 2015-04-02 17:52:13
Running from C:\Users\dale\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{676E4C31-0CD1-454E-BE3A-70D3AC93F915}) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
iFinger 2.0 (HKLM-x32\...\iFinger 2.0) (Version: 2.0.8.280 - iFinger Ltd.)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Encarta World English Dictionary (HKLM-x32\...\EWED 2000 A) (Version:  - )
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM-x32\...\{66F0E678-69C2-4C46-BA95-117DF28C87E4}) (Version: 1.0.1073 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector Net 6.3.7 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.3.7 - Oracle)
MySQL Server 5.1 (HKLM\...\{D1AFFA41-BB7A-4398-A86A-2B935FC3A649}) (Version: 5.1.57 - MySQL AB)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Perle DeviceManager (HKLM-x32\...\Perle DeviceManager) (Version: 4.2 - Perle Systems Limited)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stanza (HKLM-x32\...\Stanza) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Tera Term 4.69 (HKLM-x32\...\Tera Term_is1) (Version:  - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{168203C4-31A0-9170-63EB-2844C11A0356}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

25-03-2015 14:08:21 Revo Uninstaller's restore point - PriceSparrow
25-03-2015 14:09:06 Removed PriceSparrow
25-03-2015 14:11:53 Revo Uninstaller's restore point - Pro PC Cleaner
26-03-2015 07:40:16 Revo Uninstaller's restore point - FLAC To MP3 V4.0.5
28-03-2015 07:31:59 Windows Update
30-03-2015 14:59:44 Revo Uninstaller's restore point - moters
30-03-2015 15:19:51 Revo Uninstaller's restore point - MyPcBackup version 2.04
30-03-2015 15:23:34 Revo Uninstaller's restore point - tricomfi
01-04-2015 08:15:57 Windows Update
02-04-2015 17:29:18 Checkpoint by HitmanPro
02-04-2015 17:30:25 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-03-27 07:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B4D9382-DF8F-4230-8F48-5E2755A1FBE7} - System32\Tasks\{C0D6A044-B8ED-4169-A764-97F3785BCA45} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {0C913FA8-3408-4E59-B226-43D3A0FDF968} - System32\Tasks\{6395F395-B0CE-42D7-A84F-6B970E8AA0F3} => pcalua.exe -a "E:\Garden Rescue\Garden Rescue.exe" -d "E:\Garden Rescue"
Task: {13F94C08-5379-497B-BAAF-6D75323D7BED} - System32\Tasks\{E1F7AB0E-62C9-4258-A06D-6F1218EBB5B3} => Firefox.exe http://ui.skype.com/...l?page=tsPlugin
Task: {31D8EF28-3E72-44A4-9A4C-749FBD7DBDFD} - System32\Tasks\{2E61B727-0CE1-4360-8586-02D1EB52407C} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {464B03F2-6F9D-4A81-B2CE-D6661AB641E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {547B9D65-7120-43D9-B51A-4437AE3E1956} - System32\Tasks\{560E8C4E-B65C-443F-9151-A6B6A6FDFCEF} => pcalua.exe -a "G:\Apps\Dict PDF and Trans Tools\Dict backup\encarta-dict\SETUP.EXE" -d "G:\Apps\Dict PDF and Trans Tools\Dict backup\encarta-dict"
Task: {64D5EC79-BCCD-410D-9D5C-857F045392DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions                                        )
Task: {7BE19241-1F57-44F5-ABEA-EC424F1C6163} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {8A345F52-A57F-413F-B177-C3B0EE22F1E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {9310245D-014E-4302-BAF2-649F034E0EEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02] (Adobe Systems Incorporated)
Task: {A2E5BA19-24E2-4AF5-8771-602F89908AA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B98E4E7F-D660-4C46-9BCF-229A3DE35BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {BF9248C3-51C6-42E5-9790-16C9226CFB6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {C2D96E75-F70E-4FC4-BA82-58A63A7F7B42} - System32\Tasks\{EADE79ED-FCC8-4B1D-9607-981D7D3434B7} => pcalua.exe -a "E:\BROTHER\Mini Robot Wars\Mini Robot Wars.exe" -d "E:\BROTHER\Mini Robot Wars"
Task: {CE308BD1-3B3F-48A2-A442-61F6AE7A8F01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {D556E336-E1B7-4795-A6CD-90D4C4F1CC68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {DDA834B9-2BFA-4854-997B-81DBE57C241B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FCB2871D-FEF9-4377-AB2F-DFD1339C9E5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-04-18 16:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-12 21:37 - 2011-04-12 21:37 - 07681536 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dale\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.92 - 64.59.150.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger 2.0.lnk => C:\Windows\pss\iFinger 2.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger.lnk => C:\Windows\pss\iFinger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk => C:\Windows\pss\Encarta Dictionary Quickshelf.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3623806083-1760329146-3607088104-500 - Administrator - Disabled)
dale (S-1-5-21-3623806083-1760329146-3607088104-1000 - Administrator - Enabled) => C:\Users\dale
Guest (S-1-5-21-3623806083-1760329146-3607088104-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022DF0A0.72).  hr = 0x80070005, Access is denied.
.

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,000000000268F240.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {f5280ab3-4fb2-4985-8eff-fbefd6df6c05}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,000000000250EE00.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {ece1e466-86d1-4832-bb57-0275ab55f134}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,0000000001BBEC30.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {f0afbba6-80d6-40f9-928d-4f8cdcdcc8d4}


System errors:
=============
Error: (04/02/2015 05:48:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/02/2015 05:47:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022DF0A0.72)0x80070005, Access is denied.

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b8,(null),0,REG_BINARY,000000000268F240.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {f5280ab3-4fb2-4985-8eff-fbefd6df6c05}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001ac,(null),0,REG_BINARY,000000000250EE00.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {ece1e466-86d1-4832-bb57-0275ab55f134}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001e8,(null),0,REG_BINARY,0000000001BBEC30.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {f0afbba6-80d6-40f9-928d-4f8cdcdcc8d4}


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 4024.93 MB
Available physical RAM: 1856.41 MB
Total Pagefile: 8048.05 MB
Available Pagefile: 5243.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.07 GB) (Free:22.64 GB) NTFS
Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive g: (    F:) (Fixed) (Total:930.86 GB) (Free:598.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 217E217E)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 930.9 GB) (Disk ID: 4D5AD2A2)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thanks so much in advance, been a member for a long time, you guys are the best, M


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

If it's just in Firefox and not in IE then I think it's probably

FF Extension: Zoom It - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\{ba9c838b-9425-ba29-a946-8aeafb453904} [2015-04-02]

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

If that's not it, please post the MBAM log.


#3
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Hi, thanks for your reply. Yes, it seemed like it was just in Firefox 'cause I had no problem when in Chrome. I ran the fix; here is the log,

thanks again! M

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by dale at 2015-04-05 19:17:35 Run:2
Running from C:\Users\dale\Desktop
Loaded Profiles: dale (Available profiles: dale)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: Zoom It - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\{ba9c838b-9425-ba29-a946-8aeafb453904} [2015-04-02]
*****************

C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\{ba9c838b-9425-ba29-a946-8aeafb453904} => Moved successfully.

==== End of Fixlog 19:17:36 ====



#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Did that fix the problem?



#5
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Yup, that seems to have fixed it...thanks millions!!!!!! M



#6
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Hi there, the virus is back! It seems to have come back after I restarted my computer.

 

Please help! thanks, M



#7
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Hi, the virus is back. It seems to have come back after I restarted my computer.

 

Please help! Thx, M



#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Go into Firefox, click on the three horizontal bars in the upper right, then on Add-ons, then Extensions. See if you can find Zoom It. Click on Disable.

If that doesn't work then run FRST again with the Addition.txt option checked and post both logs.



#9
daniel.karakas

daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Hi,

 

The virus came back again. It seems to come back, maybe when I restart my computer. I can then go to the extensions and disable/remove the zoom.it, but it always seems to make its way back. Here are the FRST logs, thanks, M

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by dale (administrator) on ASM52A2200 on 12-04-2015 16:37:52
Running from C:\Users\dale\Desktop
Loaded Profiles: dale (Available profiles: dale)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\skypemoticons\se.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\skypemoticons\se.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\skypemoticons\se.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000 -> {713ED581-7996-40FF-9790-10A2535A9D70} URL = https://search.yahoo...p={searchTerms}
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: iFinger plugin / Browser helper object -> {A114D52B-870C-4F15-8021-B6D7F91A054B} -> C:\Program Files (x86)\iFinger\plugins\IE.ifp [2001-07-09] (iFinger Ltd)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} http://24.80.232.13:81/NetViewX.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...?rnd=1069883935
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-03-28] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll [1999-06-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.92 64.59.150.138

FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll [2013-12-02] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll [2013-12-02] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 -> C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll [2011-04-01] (Microsoft Corp)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll [2011-03-16] (Alcatel-Lucent)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @talk.google.com/O1DPlugin -> C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3623806083-1760329146-3607088104-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Extension: Mozilla Firefox Hotfixer - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\Extensions\[email protected] [2015-04-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-05]

Chrome:
=======
CHR HomePage: Default -> https://ca.search.ya...49&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://ca.search.ya...9&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...d={searchTerms}
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2011-03-16] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent) [File not signed]
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-05-05] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] () [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies) [File not signed]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies) [File not signed]
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 16:37 - 2015-04-12 16:37 - 00000000 ____D () C:\Users\dale\Desktop\FRST-OlderVersion
2015-04-12 01:11 - 2015-04-12 01:12 - 00044244 _____ () C:\Users\dale\Downloads\comet_english-1096952.zip
2015-04-11 20:25 - 2015-04-11 20:25 - 00000000 ____D () C:\Users\dale\Desktop\Presentations
2015-04-11 09:22 - 2015-04-12 01:12 - 00000000 ____D () C:\Users\dale\Downloads\Comet (2014)
2015-04-11 09:21 - 2015-04-11 09:40 - 00000000 ____D () C:\Users\dale\Downloads\Magnolia {1999} 720p BRRip x264 - HDMiCRO by Mr.KickASS
2015-04-11 09:17 - 2015-04-11 09:17 - 00012951 _____ () C:\Users\dale\Downloads\[kickass.to]magnolia.1999.720p.brrip.x264.hdmicro.by.mr.kickass.torrent
2015-04-11 09:09 - 2015-04-11 09:09 - 00008171 _____ () C:\Users\dale\Downloads\[kickass.to]comet.2014.720p.brrip.x264.yify.torrent
2015-04-11 09:08 - 2015-04-11 09:08 - 00012557 _____ () C:\Users\dale\Downloads\The Hunger Games -2012-.DVDRip.torrent
2015-04-11 09:04 - 2015-04-11 09:04 - 00011683 _____ () C:\Users\dale\Downloads\[kickass.to]the.hunger.games.2012.720p.hdtv.x264.j.23stan.lektor.pl(1).torrent
2015-04-11 09:02 - 2015-04-11 09:02 - 00011683 _____ () C:\Users\dale\Downloads\[kickass.to]the.hunger.games.2012.720p.hdtv.x264.j.23stan.lektor.pl.torrent
2015-04-10 17:10 - 2015-04-10 17:10 - 00118251 _____ () C:\Users\dale\Downloads\[kickass.to]the.wedding.ringer.2015.brrip.xvid.ac3.evo.torrent
2015-04-10 10:25 - 2015-04-10 17:14 - 00000000 ____D () C:\Users\dale\Downloads\The Intouchables 2011 720p BluRay x264 French AAC - Ozlem
2015-04-10 09:22 - 2015-04-10 10:05 - 00000000 ____D () C:\Users\dale\Downloads\Youve Got Mail (1998)
2015-04-10 09:18 - 2015-04-10 09:18 - 00018512 _____ () C:\Users\dale\Downloads\[kickass.to]the.intouchables.2011.720p.bluray.x264.french.aac.ozlem.torrent
2015-04-10 09:15 - 2015-04-10 09:50 - 00000000 ____D () C:\Users\dale\Downloads\Toy Story (1995) [1080p]
2015-04-10 09:14 - 2015-04-10 09:14 - 00017253 _____ () C:\Users\dale\Downloads\[kickass.to]the.holiday.2006.720p.brrip.x264.800mb.yify(1).torrent
2015-04-10 09:14 - 2015-04-10 09:14 - 00014935 _____ () C:\Users\dale\Downloads\[kickass.to]just.married.2003.torrent
2015-04-10 09:13 - 2015-04-10 09:13 - 00017253 _____ () C:\Users\dale\Downloads\[kickass.to]the.holiday.2006.720p.brrip.x264.800mb.yify.torrent
2015-04-10 09:10 - 2015-04-10 09:10 - 00015988 _____ () C:\Users\dale\Downloads\[kickass.to]you.ve.got.mail.1998.720p.brrip.x264.yify.torrent
2015-04-10 09:07 - 2015-04-10 09:07 - 00048658 _____ () C:\Users\dale\Downloads\[kickass.to]500.days.of.summer.2009.bluray.720p.600mb.ganool.torrent
2015-04-10 09:07 - 2015-04-10 09:07 - 00011977 _____ () C:\Users\dale\Downloads\[kickass.to]toy.story.1995.1080p.brrip.x264.yify.torrent
2015-04-10 07:38 - 2015-04-10 07:38 - 00057379 _____ () C:\Users\dale\Downloads\[kickass.to]the.wedding.ringer.2015.brrip.xvid.etrg(1).torrent
2015-04-09 20:34 - 2015-04-09 20:34 - 00011782 _____ () C:\Users\dale\Downloads\[kickass.to]the.big.bang.theory.s08e20.hdtv.x264.lol.ettv.torrent
2015-04-09 20:33 - 2015-04-09 20:33 - 00057379 _____ () C:\Users\dale\Downloads\[kickass.to]the.wedding.ringer.2015.brrip.xvid.etrg.torrent
2015-04-09 12:57 - 2015-04-09 13:04 - 126221101 _____ () C:\Users\dale\Downloads\Archer.2009.S06E09.HDTV.x264-KILLERS.mp4
2015-04-09 12:57 - 2015-04-09 12:57 - 00017087 _____ () C:\Users\dale\Downloads\[kickass.to]kendrick.lamar.the.blacker.the.berry.single.explicit.clean.2015.mp3.320.kbps.torrent
2015-04-07 19:59 - 2015-04-07 21:33 - 1548709443 _____ () C:\Users\dale\Downloads\The.Walking.Dead.S00E35.Inside.the.Walking.Dead.PROPER.720p.HDTV.x264-BATV.mkv
2015-04-07 19:57 - 2015-04-07 21:05 - 115653847 _____ () C:\Users\dale\Downloads\Archer.2009.S06E12.HDTV.x264-KILLERS.mp4
2015-04-06 22:18 - 2015-04-06 22:21 - 00000000 ____D () C:\Users\dale\Downloads\Son of a Gun 2014 1080p BRRip x264 DTS-JYK
2015-04-06 19:34 - 2015-04-12 16:37 - 02096640 _____ (Farbar) C:\Users\dale\Desktop\FRST64.exe
2015-04-06 06:54 - 2015-04-06 06:55 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 06:54 - 2015-04-06 06:54 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 20:29 - 2015-04-05 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 20:17 - 2015-04-06 06:57 - 138599950 _____ () C:\Users\dale\Downloads\Archer.2009.S06E08.HDTV.x264-KILLERS.mp4
2015-04-02 17:51 - 2015-04-12 16:39 - 00030111 _____ () C:\Users\dale\Desktop\FRST.txt
2015-04-02 17:47 - 2015-04-02 17:48 - 00035183 _____ () C:\Users\dale\Downloads\Addition.txt
2015-04-02 17:44 - 2015-04-02 17:48 - 00069389 _____ () C:\Users\dale\Downloads\FRST.txt
2015-04-02 17:30 - 2015-04-02 17:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-02 17:18 - 2015-04-02 17:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-02 16:36 - 2015-04-02 16:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ASM52A2200-Windows-7-Professional-(64-bit).dat
2015-04-02 16:36 - 2015-04-02 16:36 - 00000000 ____D () C:\RegBackup
2015-04-02 16:22 - 2015-04-02 16:32 - 00000000 ____D () C:\AdwCleaner
2015-04-01 21:00 - 2015-04-01 21:00 - 00044632 _____ () C:\Users\dale\Downloads\american-sniper_english-1085497.zip
2015-03-28 09:50 - 2015-03-29 19:48 - 00000000 ____D () C:\Users\dale\Downloads\Maná [Mi Verdad Ft. Shakira] 2015 WEB-DL-MP3 320Kbps [Single] URBiN4HD
2015-03-27 13:51 - 2015-03-27 16:32 - 00000000 ____D () C:\Users\dale\Downloads\f(x) Vol. 2 - Pink Tape
2015-03-27 09:08 - 2015-03-28 09:49 - 00000000 ____D () C:\Users\dale\Desktop\Baby Shower M
2015-03-26 07:55 - 2015-03-27 09:21 - 00000000 ____D () C:\Users\dale\Desktop\BEBEL 2015
2015-03-26 07:49 - 2015-03-26 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-03-26 07:46 - 2015-03-26 07:49 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-03-26 07:46 - 2015-03-26 07:46 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-03-26 07:44 - 2015-03-26 07:55 - 00000000 ____D () C:\Users\dale\AppData\Roaming\DVDVideoSoft
2015-03-26 07:38 - 2015-03-26 07:38 - 00000000 ____D () C:\tmp
2015-03-26 07:12 - 2015-04-06 22:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 07:11 - 2015-03-26 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 07:11 - 2015-03-26 07:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 07:11 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-26 07:11 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 16:27 - 2015-03-25 16:29 - 00000000 ____D () C:\Users\dale\Downloads\Snow Tha Product - Good Nights & Bad Mornings 2 (The Hangover)-2013-MIXFIEND
2015-03-25 14:42 - 2015-03-25 14:42 - 00000000 ____D () C:\Users\dale\Downloads\Bebel Gilberto
2015-03-25 13:09 - 2015-03-25 13:54 - 00000000 ____D () C:\Users\dale\Desktop\YOU TUBE DOWN LOADS
2015-03-25 00:11 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 00:11 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 00:11 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 00:11 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 15:08 - 2015-03-23 15:10 - 00000000 ____D () C:\Users\dale\Desktop\Consonant Clusters
2015-03-22 19:55 - 2015-03-22 19:55 - 00000000 ____D () C:\Users\dale\Documents\Fax
2015-03-22 16:15 - 2015-03-23 16:54 - 00000000 ____D () C:\Users\dale\Desktop\Housing
2015-03-21 15:25 - 2015-03-21 17:08 - 00000000 ____D () C:\Users\dale\Desktop\GRAMMAR TOEF
2015-03-20 17:30 - 2015-03-20 18:19 - 00000000 ____D () C:\Users\dale\Desktop\New folder
2015-03-20 09:41 - 2015-03-20 09:47 - 00000000 ____D () C:\Users\dale\Desktop\NEW RESOURCES
2015-03-18 14:53 - 2015-03-18 14:54 - 00000000 ____D () C:\Users\dale\AppData\Roaming\AdvertismentImages
2015-03-17 08:03 - 2015-03-17 08:03 - 02341376 _____ () C:\Users\dale\Downloads\adjective-clauses-mod.ppt
2015-03-17 08:03 - 2015-03-17 08:03 - 01769472 _____ () C:\Users\dale\Downloads\Adjective_Clauses_mod.ppt
2015-03-17 08:01 - 2015-03-17 08:01 - 02164224 _____ () C:\Users\dale\Downloads\st-patrick.ppt
2015-03-14 10:41 - 2015-03-15 16:13 - 00000000 ____D () C:\Users\dale\Desktop\Relative Pronouns

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 16:38 - 2014-03-22 12:22 - 00000000 ____D () C:\FRST
2015-04-12 16:38 - 2011-04-16 10:53 - 01753564 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 16:36 - 2012-06-25 13:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2015-04-12 16:35 - 2014-04-02 14:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 16:34 - 2014-05-27 20:33 - 00150904 _____ () C:\Windows\setupact.log
2015-04-12 16:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 16:22 - 2014-04-02 14:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 16:18 - 2012-05-05 02:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 16:12 - 2011-06-10 07:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
2015-04-12 16:11 - 2012-07-20 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2015-04-12 13:36 - 2012-06-25 13:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2015-04-12 13:13 - 2011-06-10 07:38 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
2015-04-12 13:00 - 2012-05-29 19:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2015-04-12 12:01 - 2012-05-29 19:44 - 00000000 ____D () C:\ProgramData\Skype
2015-04-12 08:48 - 2009-07-13 21:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 08:48 - 2009-07-13 21:45 - 00025216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 08:45 - 2009-07-13 22:13 - 00879302 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 08:12 - 2014-07-30 08:15 - 00000000 ____D () C:\Users\dale\Desktop\Music Mix
2015-04-11 22:11 - 2012-07-20 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2015-04-11 17:29 - 2014-05-14 13:10 - 00000000 ____D () C:\Users\dale\AppData\Roaming\uTorrent
2015-04-09 07:49 - 2014-09-16 15:18 - 00000000 ____D () C:\Users\dale\Desktop\Visa Sandra Arumis
2015-04-08 12:37 - 2012-05-29 19:37 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Mozilla
2015-04-08 09:21 - 2012-06-03 18:56 - 00000000 ____D () C:\Users\dale\Geessy Docs
2015-04-07 19:59 - 2013-02-12 10:26 - 00000000 ____D () C:\Users\dale\Desktop\TV
2015-04-06 14:06 - 2012-05-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-05 20:09 - 2011-05-06 07:11 - 00024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2015-04-02 16:33 - 2014-04-03 15:21 - 00034686 _____ () C:\Windows\PFRO.log
2015-04-02 16:20 - 2014-02-05 08:19 - 00000000 ____D () C:\Windows\Temp26F340E2-F1B0-67F0-F428-F7378A04BB34-Signatures
2015-03-30 15:29 - 2011-06-05 17:45 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 19:31 - 2013-08-27 19:35 - 00000000 ____D () C:\Users\dale\Desktop\nEW mOVIES
2015-03-27 09:46 - 2014-12-30 22:16 - 00000000 ____D () C:\Users\dale\Desktop\mUSIC 2014
2015-03-27 07:19 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2015-03-26 07:11 - 2013-11-04 19:45 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Malwarebytes
2015-03-26 07:11 - 2013-11-04 19:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 07:34 - 2014-12-11 09:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 07:34 - 2014-05-07 07:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 13:22 - 2013-06-04 16:53 - 00000000 ____D () C:\Users\dale\Desktop\MARTIN
2015-03-23 07:17 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 16:49 - 2014-09-28 12:52 - 00000000 ____D () C:\Users\dale\Desktop\ESL GRAMMAR BOOKS
2015-03-20 09:51 - 2014-04-01 13:11 - 00000000 ____D () C:\ProgramData\MAGIX
2015-03-20 09:40 - 2014-04-01 13:11 - 00000000 ___RD () C:\Users\dale\Documents\MAGIX
2015-03-20 09:34 - 2014-07-29 17:05 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-14 10:37 - 2012-06-04 14:41 - 00000000 ____D () C:\Program Files (x86)\uTorrent

==================== Files in the root of some directories =======

2011-05-06 07:11 - 2015-04-05 20:09 - 0024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2011-05-21 08:09 - 2012-05-29 21:30 - 0002021 _____ () C:\Users\dale\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

Some content of TEMP:
====================
C:\Users\dale\AppData\Local\Temp\flacdec2.exe
C:\Users\dale\AppData\Local\Temp\HitmanPro.exe
C:\Users\dale\AppData\Local\Temp\MyPCBACKbuidAmonetize.exe
C:\Users\dale\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\dale\AppData\Local\Temp\Quarantine.exe
C:\Users\dale\AppData\Local\Temp\SkypeSetup.exe
C:\Users\dale\AppData\Local\Temp\sqlite3.dll
C:\Users\dale\AppData\Local\Temp\wpsetup.exe
C:\Users\dale\AppData\Local\Temp\zipsetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-06 09:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by dale at 2015-04-12 16:40:03
Running from C:\Users\dale\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{676E4C31-0CD1-454E-BE3A-70D3AC93F915}) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Studio version 6.5.0.301 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
iFinger 2.0 (HKLM-x32\...\iFinger 2.0) (Version: 2.0.8.280 - iFinger Ltd.)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Encarta World English Dictionary (HKLM-x32\...\EWED 2000 A) (Version:  - )
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM-x32\...\{66F0E678-69C2-4C46-BA95-117DF28C87E4}) (Version: 1.0.1073 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Connector Net 6.3.7 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.3.7 - Oracle)
MySQL Server 5.1 (HKLM\...\{D1AFFA41-BB7A-4398-A86A-2B935FC3A649}) (Version: 5.1.57 - MySQL AB)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25  - Florian Balmer)
Perle DeviceManager (HKLM-x32\...\Perle DeviceManager) (Version: 4.2 - Perle Systems Limited)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stanza (HKLM-x32\...\Stanza) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Tera Term 4.69 (HKLM-x32\...\Tera Term_is1) (Version:  - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version:  - Antibody Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{168203C4-31A0-9170-63EB-2844C11A0356}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3623806083-1760329146-3607088104-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\dale\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

01-04-2015 08:15:57 Windows Update
02-04-2015 17:29:18 Checkpoint by HitmanPro
02-04-2015 17:30:25 Checkpoint by HitmanPro
05-04-2015 19:24:44 Windows Update
06-04-2015 06:53:28 Windows Update
09-04-2015 22:24:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-03-27 07:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B4D9382-DF8F-4230-8F48-5E2755A1FBE7} - System32\Tasks\{C0D6A044-B8ED-4169-A764-97F3785BCA45} => Firefox.exe http://ui.skype.com/...all?page=tsMain
Task: {0C913FA8-3408-4E59-B226-43D3A0FDF968} - System32\Tasks\{6395F395-B0CE-42D7-A84F-6B970E8AA0F3} => pcalua.exe -a "E:\Garden Rescue\Garden Rescue.exe" -d "E:\Garden Rescue"
Task: {13F94C08-5379-497B-BAAF-6D75323D7BED} - System32\Tasks\{E1F7AB0E-62C9-4258-A06D-6F1218EBB5B3} => Firefox.exe http://ui.skype.com/...l?page=tsPlugin
Task: {1763AFEB-5BD2-4D4F-BAE9-078A4C979DF3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2A0028BA-FE24-4DBD-A4C9-9381E46F8F91} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {31D8EF28-3E72-44A4-9A4C-749FBD7DBDFD} - System32\Tasks\{2E61B727-0CE1-4360-8586-02D1EB52407C} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {464B03F2-6F9D-4A81-B2CE-D6661AB641E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {4F4A6DD4-BBB9-421F-8BAC-05BBB3128A60} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {547B9D65-7120-43D9-B51A-4437AE3E1956} - System32\Tasks\{560E8C4E-B65C-443F-9151-A6B6A6FDFCEF} => pcalua.exe -a "G:\Apps\Dict PDF and Trans Tools\Dict backup\encarta-dict\SETUP.EXE" -d "G:\Apps\Dict PDF and Trans Tools\Dict backup\encarta-dict"
Task: {64D5EC79-BCCD-410D-9D5C-857F045392DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions                                        )
Task: {7BE19241-1F57-44F5-ABEA-EC424F1C6163} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {8A345F52-A57F-413F-B177-C3B0EE22F1E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {9310245D-014E-4302-BAF2-649F034E0EEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02] (Adobe Systems Incorporated)
Task: {A2E5BA19-24E2-4AF5-8771-602F89908AA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B703A7F5-05D1-45AD-A121-DB2626D1F0EE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B98E4E7F-D660-4C46-9BCF-229A3DE35BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {BF9248C3-51C6-42E5-9790-16C9226CFB6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {C2D96E75-F70E-4FC4-BA82-58A63A7F7B42} - System32\Tasks\{EADE79ED-FCC8-4B1D-9607-981D7D3434B7} => pcalua.exe -a "E:\BROTHER\Mini Robot Wars\Mini Robot Wars.exe" -d "E:\BROTHER\Mini Robot Wars"
Task: {CE308BD1-3B3F-48A2-A442-61F6AE7A8F01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {D556E336-E1B7-4795-A6CD-90D4C4F1CC68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {DDA834B9-2BFA-4854-997B-81DBE57C241B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FCB2871D-FEF9-4377-AB2F-DFD1339C9E5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-18 16:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-04-12 21:37 - 2011-04-12 21:37 - 07681536 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dale\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.92 - 64.59.150.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger 2.0.lnk => C:\Windows\pss\iFinger 2.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger.lnk => C:\Windows\pss\iFinger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk => C:\Windows\pss\Encarta Dictionary Quickshelf.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3623806083-1760329146-3607088104-500 - Administrator - Disabled)
dale (S-1-5-21-3623806083-1760329146-3607088104-1000 - Administrator - Enabled) => C:\Users\dale
Guest (S-1-5-21-3623806083-1760329146-3607088104-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2015 10:11:05 PM) (Source: Google Update) (EventID: 20) (User: ASM52A2200)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (04/09/2015 07:29:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x648
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/09/2015 07:29:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.1.5570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10cc

Start Time: 01d0713e826bbe09

Termination Time: 1532

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: af14bde6-dec4-11e4-9252-001f16922226

Error: (04/05/2015 08:11:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program KMPlayer.exe version 3.4.0.59 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13e0

Start Time: 01d0701721a56279

Termination Time: 9

Application Path: C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Report Id:

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022DF0A0.72).  hr = 0x80070005, Access is denied.
.

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}


System errors:
=============
Error: (04/12/2015 08:40:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:03 AM on ‎4/‎12/‎2015 was unexpected.

Error: (04/11/2015 03:51:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2015 10:48:17 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (04/06/2015 02:07:42 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/06/2015 02:04:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsDepSvc service.

Error: (04/05/2015 08:37:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/05/2015 08:37:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (04/05/2015 08:36:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (04/05/2015 08:08:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR17.

Error: (04/05/2015 08:08:35 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR17.


Microsoft Office Sessions:
=========================
Error: (04/09/2015 10:11:05 PM) (Source: Google Update) (EventID: 20) (User: ASM52A2200)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (04/09/2015 07:29:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa164801d072cb4e474fc2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc8795b94-dec4-11e4-9252-001f16922226

Error: (04/09/2015 07:29:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.1.557010cc01d0713e826bbe091532C:\Program Files (x86)\Mozilla Firefox\firefox.exeaf14bde6-dec4-11e4-9252-001f16922226

Error: (04/05/2015 08:11:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: KMPlayer.exe3.4.0.5913e001d0701721a562799C:\PROGRA~2\THEKMP~1\KMPlayer.exe

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000003fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000022DF0A0.72)0x80070005, Access is denied.

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000003C8E0D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3d4b9df-afc1-405b-8e51-bf3ed1446bbc}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000a84,(null),0,REG_BINARY,00000000016CE250.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {dbed2778-2bb8-41e7-abd6-d7d5340bbb5e}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}

Error: (04/02/2015 05:31:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bb8,(null),0,REG_BINARY,00000000063DDE90.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {cb2eb77d-5997-40f0-8ef3-a72c6e22c960}


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 4024.93 MB
Available physical RAM: 1813.04 MB
Total Pagefile: 8048.05 MB
Available Pagefile: 5715.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.07 GB) (Free:12.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 217E217E)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10
RKinner

Malware Expert

Did you already remove zoom it before the scan?  Don't see it.

 

I do see a suspicious task:

 

Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions                 

 

It is running from a temp folder, which is odd.  Appears to be quite old but the date can be forged.  Do you know what it is?  I thought it might be a fingerprint reader so didn't touch it.  If you don't use a fingerprint to log on then in the search box type Task and it will find Task Scheduler.  Double click on it to open Task Scheduler.  Then click on Task Scheduler Library.  In the middle pane it should list a few tasks.  See if you can find {B944CBEC-C684-4E63-98EA-C8B2337DF5A2}.  Click on it then right click and Disable.  This will keep the task from running at the next reboot.  If that prevents zoom it from coming back you can go back into Task Scheduler and delete the task.

 

You can also submit C:\Temp\setup.exe to virustotal.com and see what they say about it:

 

 

 
Easiest way to submit a file is to copy the path:
 
"C:\Temp\setup.exe"
 
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 58 or so then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 
 
(You may need to show hidden files first
 
 Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button)

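The check applied in the reply above (a scheduled task whose target runs from a temp folder) can be run over every `Task:` line of an FRST log. This is an added example, not part of the original thread or of FRST: the function names and the extra heuristics (GUID-only task name, `pcalua.exe` wrapper, SID not listed under Accounts) are assumptions, and the sample lines are taken from the log posted above.

```python
import re

# Sample input: "Accounts" and "Scheduled Tasks" lines in FRST format,
# taken from the log posted in this thread (trimmed to a few entries).
ACCOUNTS = r"""
Administrator (S-1-5-21-3623806083-1760329146-3607088104-500 - Administrator - Disabled)
dale (S-1-5-21-3623806083-1760329146-3607088104-1000 - Administrator - Enabled) => C:\Users\dale
Guest (S-1-5-21-3623806083-1760329146-3607088104-501 - Limited - Disabled)
"""
TASKS = r"""
Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions     )
Task: {8A345F52-A57F-413F-B177-C3B0EE22F1E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {0C913FA8-3408-4E59-B226-43D3A0FDF968} - System32\Tasks\{6395F395-B0CE-42D7-A84F-6B970E8AA0F3} => pcalua.exe -a "E:\Garden Rescue\Garden Rescue.exe" -d "E:\Garden Rescue"
Task: {31D8EF28-3E72-44A4-9A4C-749FBD7DBDFD} - System32\Tasks\{2E61B727-0CE1-4360-8586-02D1EB52407C} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {464B03F2-6F9D-4A81-B2CE-D6661AB641E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {7BE19241-1F57-44F5-ABEA-EC424F1C6163} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {DDA834B9-2BFA-4854-997B-81DBE57C241B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
"""

TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<name>.+?) => (?P<action>.+)$")
# FRST appends "[file date] (company)" when the target file exists on disk.
FILE_RE = re.compile(r"^(?P<path>.+?)\s+\[\d{4}-\d{2}-\d{2}\]\s+\((?P<company>.*?)\s*\)\s*$")
PCALUA_RE = re.compile(r'^pcalua\.exe\s+-a\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))', re.I)
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
TEMP_DIRS = {"temp", "tmp"}


def local_sids(accounts_text):
    """SIDs listed in the log's Accounts section."""
    return set(SID_RE.findall(accounts_text))


def parse_task(line):
    """Split one 'Task:' line into task name, leaf name and real target."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, action = m["name"], m["action"]
    wrapper = PCALUA_RE.match(action)
    on_disk = FILE_RE.match(action)
    if wrapper:
        # pcalua.exe only launches the program given after -a
        target = wrapper["q"] or wrapper["u"]
    elif on_disk:
        target = on_disk["path"]
    elif re.match(r"^[A-Za-z]:\\", action):
        target = action              # bare path, e.g. the *.job entries
    else:
        target = action.split()[0]   # command line such as "Sc.exe start osppsvc"
    return {
        "name": name,
        "leaf": name.rsplit("\\", 1)[-1],
        "target": target,
        "company": on_disk["company"] if on_disk else None,
        "wrapped": bool(wrapper),
    }


def triage(task, known_sids):
    """Return triage hints for one task. Hints are reasons to look, not verdicts.
    The file date is ignored on purpose: as noted in the thread, it can be forged."""
    findings = []
    folders = task["target"].lower().split("\\")[:-1]
    if TEMP_DIRS & set(folders):
        findings.append("target runs from a temp folder")
    if GUID_NAME_RE.match(task["leaf"]):
        findings.append("task name is a bare GUID")
    if task["wrapped"]:
        findings.append("launched through pcalua.exe")
    for sid in SID_RE.findall(task["name"]):
        if sid not in known_sids:
            findings.append("per-user task for a SID not in Accounts")
    return findings


def review(tasks_text, accounts_text):
    """List (leaf name, target, findings) for every task with at least one hint."""
    known = local_sids(accounts_text)
    flagged = []
    for line in tasks_text.splitlines():
        task = parse_task(line)
        if task is None:
            continue
        findings = triage(task, known)
        if findings:
            flagged.append((task["leaf"], task["target"], findings))
    return flagged


if __name__ == "__main__":
    for leaf, target, findings in review(TASKS, ACCOUNTS):
        print(f"{leaf}\n    target: {target}\n    why:    {'; '.join(findings)}")
```

On the sample, the `C:\Temp\setup.exe` task is the only one flagged for its location; the other hits are the two `pcalua.exe` tasks and the updater task registered for a SID that the Accounts section does not list.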



#11
daniel.karakas

Topic Starter

Hi,

 

So the zoom.it came back after a few days. It seems to come back out of the blue, not with a reboot. I went to Task Scheduler to try to disable it but I get an error message, "The specified account name is not valid". I am also unable to delete it. I will try to submit it now to VirusTotal.

 

thanks!

 

M



#12
daniel.karakas

Topic Starter

Hi

I tried to submit the file to VirusTotal. I followed your steps, but when I put "C:\Temp\setup.exe" into the File Name and hit Open, it returns to the main page with setup.exe. When I click Scan file it takes forever; in fact it is still scanning it. Thx, M



#13
RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

OK.  Let's see if we can remove it and also the multitude of Google and Facebook update tasks.  They will come back on their own.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
 
Download OTL from
and Save it to your desktop.
 
Copy the text in the code box:
 
DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
 
Run OTL (Vista or Win 7 => right click and Run As Administrator)
 
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
 
Select the All option in the Extra Registry group then Run Scan.
 
You should get two logs.  Please copy and paste both of them.
 
 
If Zoom it returns, run a FRST scan before you disable it.
 
 

  • 0
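
The OTL log requested in the post above uses one fixed layout for its process (PRC), module (MOD), service (SRV) and driver (DRV) lines. As an added example (not part of the original post and not OTL's own code), this Python script parses that layout and lists entries worth a manual look; the three flagging rules are assumptions of this example, and the sample lines are copied from the log posted later in this thread.

```python
import re

# Layout of PRC/MOD/SRV/DRV lines in an OTL log:
#   TAG[:64bit:] - [date time | size | attrs | M] (Company) [start | state] -- path -- (name)
# The [start | state] block and the trailing (name) appear only on SRV/DRV lines.
ENTRY_RE = re.compile(
    r'^(?P<tag>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - '
    r'\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[A-Z-]{4}) \| [MC]\] '
    r'\((?P<company>.*?)\) '            # company may itself contain parentheses
    r'(?:\[(?P<state>[^\]]*)\] )?'
    r'-- (?P<path>.+?)'
    r'(?: -- \((?P<name>[^()]*)\))?$'
)

# Assumption of this example: locations a standard user can usually write to.
USER_WRITABLE = ("\\users\\", "\\temp\\")

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""PRC - [2015/04/15 13:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dale\Downloads\OTL.exe
MOD - [2001/01/25 17:33:32 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\iFinger\WinHook.dll
SRV - [2015/03/07 00:22:00 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV - [2013/07/17 22:34:28 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/03/16 12:43:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
SRV:64bit: - [2015/01/30 04:15:10 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - Reg Error: Key error. File not found
"""


def parse_entry(line):
    """Return the fields of a PRC/MOD/SRV/DRV line as a dict, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["x64"] = bool(entry["x64"])
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["state"] = (
        [part.strip() for part in entry["state"].split("|")] if entry["state"] else []
    )
    return entry


def triage(log_text):
    """Return [(subject, [reasons])] for lines that deserve a manual look.

    A flag is a prompt for review, not a verdict: the scanner itself is
    flagged below because it was run from the Downloads folder.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        entry = parse_entry(line)
        subject = entry["path"] if entry else line
        if entry:
            if entry["company"] == "":
                reasons.append("no company name")
            if any(part in subject.lower() for part in USER_WRITABLE):
                reasons.append("runs from user-writable path")
        if line.endswith("File not found"):
            reasons.append("target file missing")
        if reasons:
            findings.append((subject, reasons))
    return findings


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", subject)
```
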

#14
daniel.karakas

    Member

  • Topic Starter
  • 88 posts

Thanks RK!

 

Here are the logs:

 


 

OTL logfile created on: 4/15/2015 1:43:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dale\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.93 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.61% Memory free
7.86 Gb Paging File | 5.35 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.07 Gb Total Space | 7.68 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
 
Computer Name: ASM52A2200 | User Name: dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/04/15 13:41:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dale\Downloads\OTL.exe
PRC - [2015/04/05 20:29:56 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/03/07 00:22:00 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2012/11/06 18:17:02 | 008,236,672 | ---- | M] (KMP Media co.,Ltd) -- C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2011/12/22 20:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2003/03/18 17:12:06 | 001,904,128 | ---- | M] (iFinger Ltd) -- C:\Program Files (x86)\iFinger\iFinger.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/10/31 01:59:32 | 004,562,432 | ---- | M] () -- C:\Program Files (x86)\The KMPlayer\libcodec.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2001/01/25 17:33:32 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\iFinger\WinHook.dll
MOD - [2000/06/21 17:03:22 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\iFinger\Impborl.dll
MOD - [2000/06/05 21:47:50 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\iFinger\lxrt23.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/02/19 19:35:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/01/30 04:15:10 | 000,366,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2015/01/30 04:15:10 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006/08/05 10:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV - [2015/04/05 20:29:55 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/03/07 00:22:00 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/02/18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/02 18:33:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/12/22 20:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/04/06 22:13:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/15 15:46:08 | 000,124,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/24 11:15:28 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2013/04/24 11:15:28 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2013/04/24 11:15:26 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2013/03/07 16:10:48 | 000,009,216 | ---- | M] (SMART Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2013/03/07 16:10:32 | 000,010,240 | ---- | M] (SMART Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2013/03/07 16:10:30 | 000,022,184 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 04:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009/09/29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009/09/29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 16:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/10 05:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/10/19 04:33:34 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/10/19 04:31:12 | 000,296,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2006/10/19 04:30:10 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/08/05 10:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/20 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2013/07/17 22:34:28 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011/03/16 12:43:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/03/16 12:43:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {713ED581-7996-40FF-9790-10A2535A9D70}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{713ED581-7996-40FF-9790-10A2535A9D70}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "CA"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),DuckDuckGo"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: veggy%40veggyAddon.com:1.0416509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dale\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/05/29 19:37:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dale\AppData\Roaming\mozilla\Extensions
[2015/04/15 13:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dale\AppData\Roaming\mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\extensions
[2015/04/06 22:05:13 | 000,000,000 | ---D | M] ("Mozilla Firefox Hotfixer") -- C:\Users\dale\AppData\Roaming\mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522\extensions\[email protected]
[2015/04/05 20:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/04/05 20:29:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
 
O1 HOSTS File: ([2014/03/27 07:45:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll File not found
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (iFinger plugin / Browser helper object) - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files (x86)\iFinger\plugins\IE.ifp (iFinger Ltd)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O8 - Extra context menu item: QuickDefine - C:\Program Files (x86)\Common Files\microsoft shared\Reference Titles\eddefine.htm ()
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} http://24.80.232.13:81/NetViewX.cab(NetViewX Control)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...?rnd=1069883935(Remote Access ActiveX Client)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab(ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab(MSN Games - Installer)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab(Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100(Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.92 64.59.150.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36FE6BFC-B38C-4912-94C3-F6555D418AC0}: DhcpNameServer = 10.10.10.21 64.59.144.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F78A8EC7-7F59-4940-B02B-8F87E00B60FC}: DhcpNameServer = 64.59.144.92 64.59.150.138
O18:64bit: - Protocol\Handler\intu-tt2013 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its51 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-tt2013 {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger 2.0.lnk - C:\Program Files (x86)\iFinger\iFinger.exe - (iFinger Ltd)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger.lnk - C:\Program Files (x86)\iFinger\iFinger.exe - (iFinger Ltd)
MsConfig:64bit - StartUpFolder: C:^Users^dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Encarta Dictionary Quickshelf.lnk - C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Bonus.SSR.FR11 - hkey= - key= - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: SAOB Monitor - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Wondershare Helper Compact.exe - hkey= - key= - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/04/13 16:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2015/04/13 16:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2015/04/13 16:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2015/04/13 16:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2015/04/13 16:48:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/04/12 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\FRST-OlderVersion
[2015/04/11 20:25:13 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\Presentations
[2015/04/06 19:34:20 | 002,096,640 | ---- | C] (Farbar) -- C:\Users\dale\Desktop\FRST64.exe
[2015/04/06 06:54:35 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/04/06 06:54:33 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/04/05 20:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/04/02 17:30:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2015/04/02 17:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/04/02 16:36:05 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/04/02 16:22:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/26 07:55:53 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\BEBEL 2015
[2015/03/26 07:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2015/03/26 07:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Codec Pack
[2015/03/26 07:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2015/03/26 07:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2015/03/26 07:44:22 | 000,000,000 | ---D | C] -- C:\Users\dale\AppData\Roaming\DVDVideoSoft
[2015/03/26 07:38:42 | 000,000,000 | ---D | C] -- C:\tmp
[2015/03/26 07:12:00 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/03/26 07:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/03/26 07:11:26 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/03/26 07:11:26 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/03/26 07:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/03/25 13:09:25 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\YOU TUBE DOWN LOADS
[2015/03/25 00:11:36 | 000,943,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/03/25 00:11:36 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015/03/25 00:11:35 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/03/25 00:11:35 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/03/25 00:11:35 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/03/25 00:11:35 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/03/25 00:11:33 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/03/25 00:11:33 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2015/03/23 15:08:43 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\Consonant Clusters
[2015/03/22 19:55:39 | 000,000,000 | R--D | C] -- C:\Users\dale\Documents\Scanned Documents
[2015/03/22 19:55:38 | 000,000,000 | ---D | C] -- C:\Users\dale\Documents\Fax
[2015/03/22 16:15:08 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\Housing
[2015/03/21 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\GRAMMAR TOEF
[2015/03/20 17:30:44 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\New folder
[2015/03/20 09:41:25 | 000,000,000 | ---D | C] -- C:\Users\dale\Desktop\NEW RESOURCES
[2015/03/18 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\dale\AppData\Roaming\AdvertismentImages
 
========== Files - Modified Within 30 Days ==========
 
[2015/04/15 13:36:32 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
[2015/04/15 13:36:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
[2015/04/15 13:23:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/04/15 13:22:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/04/15 13:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/15 13:13:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
[2015/04/15 13:13:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
[2015/04/15 13:11:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
[2015/04/15 08:06:35 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
[2015/04/15 07:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/14 17:27:21 | 000,879,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/14 17:27:21 | 000,721,204 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/14 17:27:21 | 000,144,670 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/13 17:02:01 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/04/13 17:02:01 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/04/13 16:53:45 | 3165,331,456 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/13 16:50:32 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/04/13 16:50:32 | 000,002,170 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/04/13 16:49:06 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/04/12 16:37:33 | 002,096,640 | ---- | M] (Farbar) -- C:\Users\dale\Desktop\FRST64.exe
[2015/04/06 22:13:51 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/05 20:09:43 | 000,024,192 | ---- | M] () -- C:\Users\dale\AppData\Roaming\Notepad2.ini
[2015/04/02 17:30:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2015/04/02 16:36:15 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ASM52A2200-Windows-7-Professional-(64-bit).dat
 
========== Files Created - No Company Name ==========
 
[2015/04/13 16:50:32 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/04/13 16:50:32 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/04/13 16:49:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[2015/04/13 16:49:06 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk
[2015/04/11 20:25:08 | 000,028,097 | ---- | C] () -- C:\Users\dale\Desktop\geessy visa photo.jpg
[2015/04/02 16:36:15 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ASM52A2200-Windows-7-Professional-(64-bit).dat
[2014/01/27 09:09:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2014/01/27 09:09:27 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/10/20 10:47:57 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/10/20 10:47:57 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/04/16 14:33:09 | 000,227,521 | ---- | C] () -- C:\Users\dale\P4160069.jpg
[2013/04/16 10:49:37 | 000,373,205 | ---- | C] () -- C:\Users\dale\P4160068.jpg
[2012/07/10 16:57:21 | 000,617,040 | ---- | C] () -- C:\Users\dale\MSP form.pdf
[2011/05/06 07:11:40 | 000,024,192 | ---- | C] () -- C:\Users\dale\AppData\Roaming\Notepad2.ini
[2011/04/18 09:20:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 22:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 22:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD2500BEVT-22ZCT0 ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 12583960576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 221.00GB
Starting Offset: 12688818176
Hidden sectors: 0
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*.exe >
 
< %APPDATA%\*. >
[2013/02/24 18:46:04 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\ABBYY
[2012/06/15 09:40:20 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Acronis
[2015/04/13 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Adobe
[2015/03/18 14:54:46 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\AdvertismentImages
[2012/12/12 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Alawar Entertainment
[2012/12/12 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Braid
[2012/09/15 10:16:28 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Canneverbe Limited
[2014/09/16 14:51:36 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Downloaded Installations
[2015/03/26 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\DVDVideoSoft
[2014/09/16 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\FileOpen
[2011/04/16 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Identities
[2011/05/01 06:57:30 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\InstallShield
[2014/03/22 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Intuit Canada
[2011/04/16 11:44:12 | 000,000,000 | ---D | M] -- C:\Users\dale\AppData\Roaming\Macromedia
< %systemroot%\system32\*.dll /lockedfiles >
[2015/02/20 17:41:09 | 012,827,648 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
 


#15
RKinner

    Malware Expert
 
Copy the text in the code box by highlighting it and pressing Ctrl + C:
 
 
/md5start
C:\Windows\system32\ieframe.dll
/md5stop
 
Then run OTL (right-click and Run As Admin) and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, close your browsers, and then click the Run Scan button at the top.
Let the program run unhindered; OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.
