Help Cannot remove MYPCBACKUP malware!

MyPC Backup Malware Remove


#1
Tericab


Somehow this malware was attached to something I downloaded, and I've run CCleaner and Malwarebytes and have tried to uninstall it, and it keeps returning with other popups. It is also creating new tabs in my Firefox browser.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Owner (administrator) on BCMOFFICE on 09-04-2015 18:41:40
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Owner\AppData\Local\Temp\nsg65C7.tmp
(Gambali OEM Software) C:\ProgramData\FlashBeat\Gambali.exe
() C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Users\Owner\AppData\Local\Temp\nsv6A4C.tmp
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj73BC.tmp
(OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Update] => C:\Users\Owner\AppData\Roaming\Eppink\Eppink.exe /runonce
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Gambali.dll [340944] (Gambali OEM Software)
Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 15 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271207691-2682249754-1176388757-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\user.js [2013-12-26]
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\user.js [2013-12-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-19] (Apple Inc.)
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\[email protected] [2015-04-07]
FF Extension: EazyZoom - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\[email protected] [2015-04-07]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2012-12-05]
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2015-04-07]
FF Extension: NetVideoHunter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2015-03-04]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2012-12-10]
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [{3d90f257-fa16-4fd0-9407-f1fc34a25274}] - C:\Program Files (x86)\Show-Password\150.xpi
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ninja Loader\FireFox

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjahobnmbbohjdpfffcpohenbjbcccd [2013-04-04]
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.goo...ice/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [156440 2014-11-20] (Code 42 Software)
R2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [335872 2015-04-08] () [File not signed]
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [1916456 2015-03-31] (Gambali OEM Software) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 remezyru; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj73BC.tmp [296960 2015-04-09] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 18:41 - 2015-04-09 18:41 - 00023147 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-04-09 18:41 - 2015-04-09 18:41 - 00000000 ___DC () C:\FRST
2015-04-09 18:41 - 2015-04-09 18:40 - 02095616 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-04-09 18:16 - 2015-04-09 18:16 - 00127260 _____ () C:\Users\Owner\Desktop\OTL.Txt
2015-04-09 18:01 - 2015-04-09 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-04-09 15:14 - 2015-04-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-04-09 01:52 - 2015-04-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 21:10 - 2015-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-08 17:17 - 2015-04-09 17:14 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-04-08 17:17 - 2015-04-08 17:17 - 00008944 _____ () C:\Windows\SysWOW64\GambaliOff.ini
2015-04-08 17:17 - 2015-04-08 17:17 - 00008944 _____ () C:\Windows\system32\GambaliOff.ini
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 17:17 - 2015-03-31 15:18 - 00408424 _____ (Gambali OEM Software) C:\Windows\system32\Gambali64.dll
2015-04-08 17:17 - 2015-03-31 15:18 - 00340944 _____ (Gambali OEM Software) C:\Windows\SysWOW64\Gambali.dll
2015-04-08 16:42 - 2015-04-08 16:42 - 00001504 _____ () C:\Windows\PFRO.log
2015-04-08 16:42 - 2015-04-08 16:42 - 00000112 _____ () C:\Windows\setupact.log
2015-04-08 16:42 - 2015-04-08 16:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-08 15:09 - 2015-04-08 21:39 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-08 14:33 - 2015-04-08 14:33 - 00000000 ____D () C:\Users\Owner\.cache
2015-04-08 13:51 - 2015-04-08 13:51 - 00001092 _____ () C:\Users\Owner\Desktop\Continue Live Installation.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ () C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:57 - 2015-04-07 23:57 - 00004016 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:33 - 2015-04-07 21:33 - 00000000 ____D () C:\ProgramData\56e5155400004993
2015-04-07 21:27 - 2015-04-07 21:27 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2015-04-07 21:17 - 2015-04-07 21:17 - 00000000 ____D () C:\ProgramData\226fdb4400001767
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:10 - 2015-04-07 21:10 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:04 - 2015-04-07 21:17 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.75
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 18:14 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 16:27 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ () C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\globalUpdate
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 16:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-04-07 19:23 - 2015-04-07 19:23 - 00006656 _____ () C:\Users\Owner\Documents\cc_20150407_192259.reg
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Program Files (x86)\CrashPlan
2015-04-05 10:27 - 2015-04-05 10:27 - 47207976 _____ (Code 42 Software) C:\Users\Owner\Downloads\CrashPlan_3.7.0_Win.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:01 - 2015-04-09 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-11 06:38 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:38 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:38 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:38 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:38 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:38 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:38 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:38 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:38 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:38 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:38 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:38 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:38 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:37 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:37 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:37 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:37 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:37 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:37 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:37 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:37 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 18:04 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 17:56 - 2011-06-24 16:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
2015-04-09 17:47 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 17:42 - 2012-06-13 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 17:41 - 2014-10-27 03:31 - 01373902 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 15:56 - 2011-06-24 16:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
2015-04-09 02:00 - 2014-09-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-04-08 16:51 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 16:51 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 16:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 14:33 - 2012-03-26 15:24 - 00000000 ____D () C:\Users\Owner
2015-04-08 13:38 - 2014-11-13 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 13:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-08 13:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 22:23 - 2012-03-26 20:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-07 21:38 - 2011-06-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-07 21:36 - 2012-03-26 21:39 - 00000000 ____D () C:\Program Files (x86)\DVDFab 8 Qt
2015-04-07 21:35 - 2013-05-15 20:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-07 20:42 - 2013-12-31 19:57 - 00000000 ____D () C:\ProgramData\Canon
2015-04-07 20:42 - 2013-12-31 19:53 - 00000000 ____D () C:\Program Files\Canon
2015-04-07 19:39 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-04-07 19:33 - 2012-05-19 23:43 - 00000000 ____D () C:\Users\Owner\.ProMPIX
2015-04-07 19:22 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-07 19:19 - 2013-12-16 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-04-07 19:19 - 2013-10-21 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-04-02 18:45 - 2015-02-19 20:40 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 18:45 - 2015-02-19 20:40 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-24 12:11 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-03-20 06:52 - 2014-08-15 23:11 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2015-03-12 04:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 03:24 - 2012-03-22 15:11 - 05086520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:08 - 2012-03-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:04 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:01 - 2011-06-24 16:08 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-30 19:25 - 2015-01-11 13:25 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2014-12-30 19:25 - 2015-01-11 13:25 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2014-12-30 19:25 - 2015-01-11 13:25 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2014-12-30 19:25 - 2015-01-11 13:25 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2014-12-30 19:25 - 2015-01-11 13:25 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-02-28 13:54 - 2015-03-04 04:17 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 10:07 - 2012-03-27 10:07 - 0003178 _____ () C:\Users\Owner\AppData\Local\HWVendorDetection.log
2012-03-26 21:02 - 2012-03-26 21:07 - 0000834 _____ () C:\ProgramData\hpzinstall.log
2013-04-04 12:46 - 2013-04-04 12:46 - 0033958 _____ () C:\ProgramData\uninstaller.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\13.exe
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue38FA.exe
C:\Users\Owner\AppData\Local\Temp\jue5DAF.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\supoptsetup.exe
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Owner at 2015-04-09 18:44:11
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Scan to PDF Free 3.5.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
AIO_Scan (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{F42B8C14-63E5-4F8D-B848-12F010593AB8}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Software Service Inc.) <==== ATTENTION
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CrashPlan (HKLM-x32\...\{F5DF8435-7822-4D0C-88A9-604EC76D0B06}) (Version: 3.7.0 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION!
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImageMagick 6.8.8-0 Q16 (32-bit) (2014-01-01) (HKLM-x32\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mpixpro ROES (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\mpixpro ROES) (Version:  - mpix)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Mpix Press Edition) (HKLM-x32\...\{A33D675A-2833-45AF-855F-214FC549B944}) (Version: 7.8.4005 - Digilabs)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoRescue Wizard PC 3.3.2.13314 (HKLM-x32\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6236 - Realtek Semiconductor Corp.)
RedSn0w Packages (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\RedSn0w Packages) (Version:  - ) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VPS ROES (HKLM-x32\...\{7B990B7E-4B5B-47AA-8017-E490F5D48B36}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-12-27 00:41 - 00001246 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0108855D-A749-45CF-83E2-25C977DBB825} - System32\Tasks\AdobeAAMUpdater-1.0-BCMOFFICE-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {057B8B8A-04CE-4DC4-94A8-90CD87D1D1CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {18975B83-258B-4E8B-9C04-D889343672F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {37D255EC-97A7-4680-9CA8-9AE04DC80FAA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4778F49E-1D7E-4BCF-B83E-AADB273995A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {756ECE48-998F-4362-83A9-449C3F90A888} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7E3AC824-CFF8-4FCA-A47B-5400563A240E} - System32\Tasks\{3B8739B0-2F92-4F37-8C74-670750C2740D} => pcalua.exe -a C:\Users\Owner\Desktop\oxelonplugins.exe -d C:\Users\Owner\Desktop
Task: {80262CC3-070F-4C8E-AA6E-994D9B8C478E} - System32\Tasks\{F93ACB3E-2519-405A-A9A6-6560CBC1D416} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
Task: {8248372F-089A-446B-B25C-749B8DFCEE99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {91944BE9-F7F2-453C-8AB6-62633D165C93} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AB7FCA9E-AFFB-43EF-B8E0-E49CC7F54D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {AC74B9E4-806E-47FF-8144-DEE375519BB3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {B2039A05-BD51-423D-8023-7C76D42C1C4C} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-08] ()
Task: {B7BF62C9-8654-47EA-9B83-1016F2ACC3D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {CC4137B9-EF23-4E20-B2A3-F1C0C162952E} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-07-17 10:21 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-08-15 23:11 - 2014-05-20 08:19 - 00105640 ____C () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-07 20:45 - 2015-04-07 20:45 - 00185856 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
2015-03-20 06:51 - 2015-01-27 11:29 - 08898720 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-31 19:56 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2013-12-31 19:56 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-01-26 20:59 - 2014-01-13 12:24 - 01356568 ____C () C:\Program Files\Tablet\Pen\libxml2.dll
2015-04-08 17:12 - 2015-04-08 17:13 - 00247625 _____ () C:\Users\Owner\AppData\Local\Temp\nsg65C7.tmp
2015-04-08 17:17 - 2015-04-08 22:06 - 00335872 _____ () C:\ProgramData\FlashBeat\FlashBeat.exe
2015-04-08 17:25 - 2015-04-08 17:25 - 00256718 _____ () C:\Users\Owner\AppData\Local\Temp\nsv6A4C.tmp
2015-04-08 09:39 - 2015-04-08 09:39 - 01283072 _____ () C:\Program Files (x86)\OLBPre\OLBPre.exe
2015-04-09 16:47 - 2015-04-09 16:47 - 00296960 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj73BC.tmp
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-20 12:12 - 2014-11-20 12:12 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll
2014-11-20 12:14 - 2014-11-20 12:14 - 00200472 _____ () C:\Program Files (x86)\CrashPlan\cpnative.dll
2015-04-08 17:13 - 2015-04-08 17:13 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\nsrD193.tmp\System.dll
2015-04-08 17:25 - 2015-04-08 17:25 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\System.dll
2015-04-08 17:25 - 2015-04-08 17:25 - 00009728 _____ () C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\nsDialogs.dll
2015-04-08 17:25 - 2015-04-08 17:25 - 00025088 _____ () C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\registry.dll
2015-04-08 17:25 - 2015-04-08 17:25 - 00067584 _____ () C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\Math.dll
2015-04-08 17:25 - 2015-04-08 17:25 - 00069120 _____ () C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\nsWeb_DispOffr.dll
2015-02-05 14:42 - 2015-02-05 14:42 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4271207691-2682249754-1176388757-500 - Administrator - Disabled)
Guest (S-1-5-21-4271207691-2682249754-1176388757-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4271207691-2682249754-1176388757-1003 - Limited - Enabled)
Owner (S-1-5-21-4271207691-2682249754-1176388757-1001 - Administrator - Enabled) => C:\Users\Owner
Sonos (S-1-5-21-4271207691-2682249754-1176388757-1005 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 09:06:10 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (04/08/2015 09:06:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (04/08/2015 04:43:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 01:35:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BCMOffice.local already in use; will try BCMOffice-2.local instead

Error: (04/08/2015 01:35:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 BCMOffice.local. Addr 192.168.1.248

Error: (04/08/2015 01:35:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.248:5353   16 BCMOffice.local. AAAA 2602:0306:CF56:E960:C840:D8B9:DD2E:6E9D

Error: (04/08/2015 01:35:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BCMOffice.local already in use; will try BCMOffice-2.local instead

Error: (04/08/2015 01:35:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister    4 BCMOffice.local. Addr 192.168.1.248

Error: (04/08/2015 01:35:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.248:5353   16 BCMOffice.local. AAAA 2602:0306:CF56:E960:C840:D8B9:DD2E:6E9D

Error: (04/08/2015 01:35:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname BCMOffice.local already in use; will try BCMOffice-2.local instead


System errors:
=============
Error: (04/09/2015 06:42:39 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/09/2015 04:52:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/09/2015 04:52:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/08/2015 04:52:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/08/2015 04:52:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/08/2015 04:44:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (04/08/2015 04:42:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (04/08/2015 04:42:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (04/08/2015 01:40:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/08/2015 01:40:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (11/15/2014 02:32:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17099 seconds with 3900 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 8091.41 MB
Available physical RAM: 4453.57 MB
Total Pagefile: 16181.02 MB
Available Pagefile: 13297.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.94 GB) (Free:2.08 GB) NTFS
Drive f: (Data) (Fixed) (Total:465.76 GB) (Free:412.17 GB) NTFS
Drive g: (FLASHMOVIES) (Removable) (Total:14.9 GB) (Free:14.86 GB) FAT32
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:93.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84AFD1A8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4FCA7A1)
Partition 1: (Active) - (Size=1.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 




#2
zep516


    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)



Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log
Thanks
Joe :

#3
Tericab


    New Member

  • Topic Starter
  • Member
  • 3 posts

Thank you so much for responding.  I really need my computer back.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Owner (administrator) on BCMOFFICE on 09-04-2015 22:25:06
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyrid...pplets/sync.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271207691-2682249754-1176388757-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-19] (Apple Inc.)
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\[email protected] [2015-04-07]
FF Extension: EazyZoom - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\[email protected] [2015-04-07]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2012-12-05]
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2015-04-07]
FF Extension: NetVideoHunter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2015-03-04]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\[email protected] [2012-12-10]
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ninja Loader\FireFox

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjahobnmbbohjdpfffcpohenbjbcccd [2013-04-04]
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.goo...ice/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [156440 2014-11-20] (Code 42 Software)
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 xeluquze; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp [290304 2015-04-09] () [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 22:23 - 2015-04-09 22:23 - 00001559 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-04-09 22:21 - 2015-04-09 22:23 - 00000000 ____D () C:\Users\Owner\Documents\Log Files
2015-04-09 22:07 - 2015-04-09 22:07 - 00002950 _____ () C:\Windows\PFRO.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00000112 _____ () C:\Windows\setupact.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-09 22:03 - 2015-04-09 22:06 - 00000000 ___DC () C:\AdwCleaner
2015-04-09 22:03 - 2015-04-09 22:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BCMOFFICE-Windows-7-Home-Premium-(64-bit).dat
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ___DC () C:\RegBackup
2015-04-09 22:02 - 2015-04-09 21:56 - 02686959 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-04-09 22:02 - 2015-04-09 21:56 - 02217984 _____ () C:\Users\Owner\Desktop\adwcleaner_4.201.exe
2015-04-09 20:21 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2015-04-09 18:41 - 2015-04-09 22:25 - 00018662 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-04-09 18:41 - 2015-04-09 22:25 - 00000000 ___DC () C:\FRST
2015-04-09 18:41 - 2015-04-09 18:40 - 02095616 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-04-09 18:01 - 2015-04-09 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-04-09 15:14 - 2015-04-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-04-09 01:52 - 2015-04-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 21:10 - 2015-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 15:09 - 2015-04-08 21:39 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-08 14:33 - 2015-04-08 14:33 - 00000000 ____D () C:\Users\Owner\.cache
2015-04-08 13:15 - 2015-04-08 13:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ () C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:27 - 2015-04-07 21:27 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 22:07 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 22:07 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ () C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-04-07 19:23 - 2015-04-07 19:23 - 00006656 _____ () C:\Users\Owner\Documents\cc_20150407_192259.reg
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Program Files (x86)\CrashPlan
2015-04-05 10:27 - 2015-04-05 10:27 - 47207976 _____ (Code 42 Software) C:\Users\Owner\Downloads\CrashPlan_3.7.0_Win.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:01 - 2015-04-09 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-11 06:38 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:38 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:38 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:38 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:38 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:38 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:38 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:38 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:38 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:38 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:38 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:38 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:38 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:37 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:37 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:37 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:37 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:37 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:37 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:37 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:37 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 22:17 - 2014-11-13 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 22:17 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 22:17 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 22:13 - 2014-10-27 03:31 - 01390230 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 22:12 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 22:07 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 22:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 21:56 - 2011-06-24 16:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
2015-04-09 21:42 - 2012-06-13 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 19:16 - 2014-04-15 22:11 - 00104448 ___SH () C:\Users\Owner\Documents\Thumbs.db
2015-04-09 15:56 - 2011-06-24 16:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
2015-04-09 02:00 - 2014-09-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-04-08 14:33 - 2012-03-26 15:24 - 00000000 ____D () C:\Users\Owner
2015-04-08 13:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-08 13:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 22:23 - 2012-03-26 20:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-07 21:38 - 2011-06-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-07 21:36 - 2012-03-26 21:39 - 00000000 ____D () C:\Program Files (x86)\DVDFab 8 Qt
2015-04-07 21:35 - 2013-05-15 20:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-07 20:42 - 2013-12-31 19:57 - 00000000 ____D () C:\ProgramData\Canon
2015-04-07 20:42 - 2013-12-31 19:53 - 00000000 ____D () C:\Program Files\Canon
2015-04-07 19:39 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-04-07 19:33 - 2012-05-19 23:43 - 00000000 ____D () C:\Users\Owner\.ProMPIX
2015-04-07 19:22 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-07 19:19 - 2013-12-16 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-04-07 19:19 - 2013-10-21 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-04-02 18:45 - 2015-02-19 20:40 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 18:45 - 2015-02-19 20:40 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-24 12:11 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-03-20 06:52 - 2014-08-15 23:11 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2015-03-12 04:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 03:24 - 2012-03-22 15:11 - 05086520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:08 - 2012-03-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:04 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:01 - 2011-06-24 16:08 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-30 19:25 - 2015-01-11 13:25 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2014-12-30 19:25 - 2015-01-11 13:25 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2014-12-30 19:25 - 2015-01-11 13:25 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2014-12-30 19:25 - 2015-01-11 13:25 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2014-12-30 19:25 - 2015-01-11 13:25 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-02-28 13:54 - 2015-03-04 04:17 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 10:07 - 2012-03-27 10:07 - 0003178 _____ () C:\Users\Owner\AppData\Local\HWVendorDetection.log
2012-03-26 21:02 - 2012-03-26 21:07 - 0000834 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Owner at 2015-04-09 22:25:25
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Scan to PDF Free 3.5.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
AIO_Scan (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{F42B8C14-63E5-4F8D-B848-12F010593AB8}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CrashPlan (HKLM-x32\...\{F5DF8435-7822-4D0C-88A9-604EC76D0B06}) (Version: 3.7.0 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImageMagick 6.8.8-0 Q16 (32-bit) (2014-01-01) (HKLM-x32\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mpixpro ROES (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\mpixpro ROES) (Version:  - mpix)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Mpix Press Edition) (HKLM-x32\...\{A33D675A-2833-45AF-855F-214FC549B944}) (Version: 7.8.4005 - Digilabs)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoRescue Wizard PC 3.3.2.13314 (HKLM-x32\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6236 - Realtek Semiconductor Corp.)
RedSn0w Packages (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\RedSn0w Packages) (Version:  - ) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VPS ROES (HKLM-x32\...\{7B990B7E-4B5B-47AA-8017-E490F5D48B36}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-12-27 00:41 - 00001246 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0108855D-A749-45CF-83E2-25C977DBB825} - System32\Tasks\AdobeAAMUpdater-1.0-BCMOFFICE-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {057B8B8A-04CE-4DC4-94A8-90CD87D1D1CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {18975B83-258B-4E8B-9C04-D889343672F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {37D255EC-97A7-4680-9CA8-9AE04DC80FAA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4778F49E-1D7E-4BCF-B83E-AADB273995A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {756ECE48-998F-4362-83A9-449C3F90A888} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7E3AC824-CFF8-4FCA-A47B-5400563A240E} - System32\Tasks\{3B8739B0-2F92-4F37-8C74-670750C2740D} => pcalua.exe -a C:\Users\Owner\Desktop\oxelonplugins.exe -d C:\Users\Owner\Desktop
Task: {80262CC3-070F-4C8E-AA6E-994D9B8C478E} - System32\Tasks\{F93ACB3E-2519-405A-A9A6-6560CBC1D416} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
Task: {8248372F-089A-446B-B25C-749B8DFCEE99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {91944BE9-F7F2-453C-8AB6-62633D165C93} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AB7FCA9E-AFFB-43EF-B8E0-E49CC7F54D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B2039A05-BD51-423D-8023-7C76D42C1C4C} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-08] ()
Task: {B7BF62C9-8654-47EA-9B83-1016F2ACC3D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-04-07 20:45 - 2015-04-07 20:45 - 00185856 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
2015-03-20 06:51 - 2015-01-27 11:29 - 08898720 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-09 20:48 - 2015-04-09 20:48 - 00290304 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp
2014-08-15 23:11 - 2014-05-20 08:19 - 00105640 ____C () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-17 10:21 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4271207691-2682249754-1176388757-500 - Administrator - Disabled)
Guest (S-1-5-21-4271207691-2682249754-1176388757-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4271207691-2682249754-1176388757-1003 - Limited - Enabled)
Owner (S-1-5-21-4271207691-2682249754-1176388757-1001 - Administrator - Enabled) => C:\Users\Owner
Sonos (S-1-5-21-4271207691-2682249754-1176388757-1005 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 8091.41 MB
Available physical RAM: 6529.16 MB
Total Pagefile: 16181.02 MB
Available Pagefile: 14690.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.94 GB) (Free:3.16 GB) NTFS
Drive f: (Data) (Fixed) (Total:465.76 GB) (Free:445.9 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:93.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84AFD1A8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4FCA7A1)
Partition 1: (Active) - (Size=1.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

# AdwCleaner v4.201 - Logfile created 09/04/2015 at 22:06:50
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - BCMOFFICE
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Gambali
[#] Service Deleted : FlashBeat

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\226fdb4400001767
Folder Deleted : C:\ProgramData\56e5155400004993
Folder Deleted : C:\Users\Owner\Documents\PC Speed Maximizer
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
File Deleted : C:\END
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Windows\SysWOW64\Gambali.dll
File Deleted : C:\Windows\SysWOW64\GambaliOff.ini
File Deleted : C:\Windows\System32\Gambali64.dll
File Deleted : C:\Windows\System32\GambaliOff.ini
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{3d90f257-fa16-4fd0-9407-f1fc34a25274}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\a57df88b03eb844
Key Deleted : HKLM\SOFTWARE\3d0931b5-01fe-4cc5-df93-103b75b9a8fd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=120660&tt=190313_wctrl&babsrc=HP_ss&mntrId=AA1A386077D61C6B");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22www.eas[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "aa1a42d5000000000000386077d61c6b");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15789");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.019:39:46");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltlng", "en");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.did", "10671");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hdrMd5", "BAD92D905C2EDF91D8FE2ABAD97828DC");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hmpg", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hrdid", "0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.id", "aa1a42d5000000000000386077d61c6b");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlDay", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlRef", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlday", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlref", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.keywordurl", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newTab", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newtab", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newtaburl", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.ppd", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.productid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.sg", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.srch", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.srchprvdr", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.upn2", "6OyHwVqQuG");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.upn2n", "92261732028467390");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.did", "10671");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.id", "aa1a42d5000000000000386077d61c6b");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.upn2", "6OyHwVqQuG");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92261732028467390");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&[...]
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavi[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [19002 bytes] - [09/04/2015 22:03:28]
AdwCleaner[R1].txt - [17687 bytes] - [09/04/2015 22:05:29]
AdwCleaner[R2].txt - [17747 bytes] - [09/04/2015 22:06:24]
AdwCleaner[S0].txt - [18267 bytes] - [09/04/2015 22:06:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18327  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 04/09/2015 at 22:21:52.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0m1zdpha.default-1343610594345\prefs.js

user_pref("CT3290971_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365637088569,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22am
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ga2781yf.default\minidumps [2 files]
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0m1zdpha.default-1343610594345\minidumps [63 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/09/2015 at 22:23:47.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



#4
zep516


    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello


Download CKScanner by askey127 from HERE http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#5
Tericab


    New Member

  • Topic Starter
  • Member
  • 3 posts

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
scanner sequence 3.ED.11.HQNABZ
 ----- EOF -----
 



#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi Tericab,

Before we go any further, I would like to point out that after reviewing the logs you posted once again they are dated for the day before I had requested the logs. I found that kind of odd. After further research, I see that you had started a topic at Bleeping Computer as well as here at Geeks To Go. Fortunately, here at GTG we have the same policy found here. Please read the 15th bullet in the list of Geeks to Go Support Forum Rules, Policies and Disclaimers:
 

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.


To continue to receive further assistance, you will have to uninstall the pirated version(s) of Adobe programs and restore the original Microsoft host file.