
My computer is infected. [Solved]


  • This topic is locked

#16
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, I need to understand the order of things.  The FRST fixlog was created Friday night around 11PM, and my Safe Mode instructions were posted Saturday in the late afternoon.  Was the fix run twice by chance?  If it was run in Safe Mode as well, there would be a newer log created which would indicate this.
 
Apologies for any misunderstanding with the logs and posting them.  I didn't realize that you had run the initial fix I posted.  The restore likely replaced all the malware entries.  I realize this may be quite frustrating, but we will sort it out in due time. :woot:
 

Wireless stopped working after safe mode.

  • Was your wireless working before you went into Safe Mode?
  • Did it work while in Safe Mode?
  • Did it stop working after the fix?
  • Who is your Internet Service Provider (ISP)?
  • Does your ISP require a proxy server to get on the Internet?
  • What type of Internet connection do you have?  It looks like CGO Cable perhaps...

We may need to use the wired connection, but not just yet.  It's good to know the option is there.  In the meantime let's get a fresh look at the system to see what is there at this time:
 
First
 
Please insert your USB stick into the clean computer, and delete any copy of FRST on your USB stick.

On the clean computer, please download a new copy of Farbar Recovery Scan Tool and save it to your USB stick.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.  (You will need the 64-bit version it seems.)
 
Eject the USB Drive.
 
 
Second

  • Plug the USB drive containing FRST into the infected computer.
  • Open Windows Explorer and browse to the USB drive.
  • Find FRST.exe (32-bit) or FRST64.exe (64-bit), depending on what version you downloaded.  We are going to run it right from the USB stick.
  • Right click on FRST and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Make sure the Drivers MD5 check-box is checked.
  • Make sure the 90 Days Files check-box is checked.
     
  • Press the Scan button.
  • It will produce two logs called FRST.txt and Addition.txt on the Flash Drive that the tool is run from.
  • Eject the Flash Drive and plug it back into the clean computer.
  • Navigate to the Flash drive and find the FRST.txt and Addition.txt log files
  • Please copy and paste the contents of both of those logs back here in your next reply.



#17
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

I don't understand why I cannot copy and paste. I try every time and it won't let me.

 


#18
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

Internet was working before I went into safe mode. It worked in safe mode, then I did the fix, then could not get it, and that was when I did a restore. Then when I went back into safe mode internet did not work and it still is not working but I have disabled it. My service provider is Cogeco Cable. I am not sure if it requires a proxy server.



#19
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, thank you for the logs and for answering my questions. :)  I will review everything and come back with further instructions.

 

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Ginette (administrator) on GINETTE-HP on 19-04-2015 15:26:22
Running from F:\
Loaded Profiles: Ginette (Available profiles: Ginette)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Dropbox, Inc.) C:\Users\Ginette\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2001920 2014-04-04] (AimerSoft)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Reader Library Launcher] => C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-13] (Sony Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [OneDrive] => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-12] (Microsoft Corporation)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\hp\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\RunOnce: [Uninstall C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\Syswow64\FIREPL~1.SCR [6412288 2014-01-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-09-17]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?tc=1
SearchScopes: HKLM -> {9465BC86-3F40-486B-BCCA-2BB4960A2B20} URL = http://www.amazon.ca...s={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default
FF DefaultSearchUrl: hxxp://www.bing.com/search
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-18] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll [2012-10-29] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-06-04] (Apple Inc.)
FF SearchPlugin: C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\searchplugins\bing-avast.xml [2014-06-23]
FF Extension: saaveRneet - C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] [2015-04-17]
FF Extension: saVeron - C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-01-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\Ginette\AppData\Local\Google\Chrome\Application\42.0.2311.90\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ginette\AppData\Local\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ginette\AppData\Local\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Ginette\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-05-03]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-12-05]
CHR Extension: (Adguard AdBlocker) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-03]
CHR Extension: (Adblock Plus) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-14]
CHR Extension: (Avast SafePrice) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-03-12]
CHR Extension: (AdBlock) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-12]
CHR Extension: (Bookmark Manager) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-08]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-09-12]
CHR Extension: (World of Solitaire) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2013-09-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Poppit!) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-09-12]
CHR Extension: (Quick Note) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-09-12]
CHR Extension: (Mahjong Solitaire) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2013-09-12]
CHR Extension: (Google Wallet) - C:\Users\Ginette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S4 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-03-11] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-24] () [File not signed]
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-03-11] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-03-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-03-11] (IBM Corp.)
S3 vvftav302; C:\Windows\System32\drivers\vvftav302.sys [301824 2007-03-18] (Vimicro Corporation)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM302.sys [1495936 2007-04-04] (Vimicro Corporation)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\ksecdd.sys 063C09DB965E3DFD6F4F08416F6DB8F5
C:\Windows\System32\Drivers\ksecpkg.sys 1FA627E63195BF3BF636BFEF0D7190D4
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\System32\DRIVERS\MpFilter.sys FBA4CDA6B3B00D7A116DCC2B5C7E9790
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys 8F320BAF24A8F9252980C64349822B9D
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys E10B84385C3FEEF4BDE8E6A980535522
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys A6E374A5D7E0862CE5B424FCFE593B82
C:\Windows\System32\Drivers\RapportKE64.sys 286E05506DAF87AA4CEE61732B3D87D3
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys 6DBA44C6D9B9BF5F271F87CA40EE106B
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ss_bus.sys D21FF3592DAEE244EE8376830A672B52
C:\Windows\System32\DRIVERS\ss_mdfl.sys 451DB3D10E6112E06B4506D4A7BECEC1
C:\Windows\System32\DRIVERS\ss_mdm.sys EF40C8A268A5263A0EF48FED8E57CBED
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vvftav302.sys 0186CCF2557F71F8B7B26BB43EA8846B
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\Drivers\usbVM302.sys 6E53D1058B900443949C69EC6215D98F

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 07:53 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 07:53 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 07:53 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 07:53 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 07:53 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 07:53 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 07:53 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 07:53 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 07:53 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 07:53 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 07:53 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 07:53 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 07:53 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 07:53 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 07:53 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 07:53 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 07:53 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 07:53 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 07:53 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 07:53 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 07:53 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 07:53 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 07:53 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 07:53 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 07:53 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 07:53 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 07:53 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 07:53 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 07:53 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 07:53 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 07:53 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 07:53 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 07:53 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 07:53 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 07:52 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 07:52 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 07:52 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-12 14:37 - 2015-04-12 14:37 - 00000000 ____D () C:\Users\Ginette\Library
2015-04-12 14:37 - 2015-04-12 14:37 - 00000000 ____D () C:\ProgramData\kinoma
2015-04-12 14:36 - 2015-04-12 14:36 - 00002261 _____ () C:\Users\Public\Desktop\Reader Library.lnk
2015-04-12 14:36 - 2015-04-12 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
2015-04-12 14:36 - 2015-04-12 14:36 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-10 09:32 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-10 09:32 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-10 09:32 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-10 09:31 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-09 12:36 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-09 12:35 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-08 21:50 - 2015-04-08 21:50 - 00000016 _____ () C:\Windows\system32\rcores64.dat.szfi
2015-04-08 21:50 - 2015-04-08 21:50 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-04-08 21:50 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-04-08 21:50 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-04-08 21:50 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-04-08 21:50 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-04-08 21:50 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-04-08 21:50 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-04-08 21:50 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-04-08 21:50 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-04-08 21:50 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-04-08 21:50 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-04-08 21:50 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-04-08 21:50 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-04-08 21:50 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-04-08 21:50 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-04-08 21:50 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-04-08 21:47 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-08 21:47 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-04-08 21:47 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-04-08 21:47 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-04-08 21:41 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 21:41 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 21:41 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 21:41 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 21:41 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 21:41 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 21:41 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 21:41 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 21:16 - 2015-04-08 21:16 - 00347816 _____ (Microsoft Corporation) C:\Users\Ginette\Downloads\MicrosoftFixit.Devices.Run (1).exe
2015-04-08 21:15 - 2015-04-08 21:15 - 00000000 _____ () C:\Users\Ginette\Downloads\Unconfirmed 568903.crdownload
2015-04-08 21:14 - 2015-04-08 21:14 - 00347816 _____ (Microsoft Corporation) C:\Users\Ginette\Downloads\MicrosoftFixit.Devices.Run.exe
2015-04-05 03:17 - 2015-04-05 03:20 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:17 - 2015-04-05 03:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-25 19:27 - 2015-03-25 19:27 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ginette\Downloads\mbam-setup-majorgeeks-2.1.4.1018.exe
2015-03-18 19:43 - 2015-03-18 19:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 19:41 - 2015-03-18 19:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Ginette\Downloads\mbam-setup-majorgeeks-2.0.4.1028.exe
2015-03-14 23:30 - 2015-03-14 23:30 - 00317653 _____ () C:\Users\Ginette\Downloads\Lippman, Laura-After I'm Gone (1).epub
2015-03-14 23:29 - 2015-03-14 23:29 - 00317653 _____ () C:\Users\Ginette\Downloads\Lippman, Laura-After I'm Gone.epub
2015-03-14 23:25 - 2015-03-14 23:25 - 00333528 _____ () C:\Users\Ginette\Downloads\Lippman, Laura-Charm City.epub
2015-03-14 23:24 - 2015-03-14 23:24 - 00509780 _____ () C:\Users\Ginette\Downloads\Parrish, P.J.-A Thousand Bones.epub
2015-03-14 23:22 - 2015-03-14 23:22 - 00330117 _____ () C:\Users\Ginette\Downloads\Lippman, Laura-I'd Know You Anywhere- A Novel.epub
2015-03-14 11:04 - 2015-03-14 11:04 - 00525207 _____ () C:\Users\Ginette\Downloads\Palmer, Michael-Side Effects.epub
2015-03-14 11:00 - 2015-03-14 11:00 - 00411356 _____ () C:\Users\Ginette\Downloads\Haig, Brian-The Night Crew.epub
2015-03-14 10:58 - 2015-03-14 10:58 - 00384726 _____ () C:\Users\Ginette\Downloads\Arlidge, M. J.-Eeny Meeny (Helen Grace #1).epub
2015-03-14 10:56 - 2015-03-14 10:56 - 00325517 _____ () C:\Users\Ginette\Downloads\Zafiro, Frank-Some Degree of Murder.epub
2015-03-14 10:55 - 2015-03-14 10:55 - 00543081 _____ () C:\Users\Ginette\Downloads\Green, Sally-Half Bad.epub
2015-03-14 10:52 - 2015-03-14 10:52 - 00444542 _____ () C:\Users\Ginette\Downloads\Arlidge, M. J.-Pop Goes the Weasel (Helen Grace,#2)..epub
2015-03-12 11:03 - 2015-03-12 11:03 - 02494560 _____ (Trend Micro Inc.) C:\Users\Ginette\Downloads\HousecallLauncher64 (1).exe
2015-03-11 09:54 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:54 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:54 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:54 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:54 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 09:54 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 09:54 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 09:54 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 09:54 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:54 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 09:53 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 09:53 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:53 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 09:53 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:53 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:53 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:53 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:53 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:53 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:53 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:53 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:53 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:53 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 09:53 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 09:53 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 09:53 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 09:53 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 09:53 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 09:53 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 09:53 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:53 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:51 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 09:51 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:51 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:51 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 09:50 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:50 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:50 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 09:50 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:50 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:50 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 09:49 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:49 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-08 11:13 - 2015-03-08 11:13 - 00003636 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2015-03-08 11:12 - 2011-06-08 18:35 - 00778088 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMa011.dll
2015-03-07 23:16 - 2015-03-07 23:16 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\Ludia
2015-03-07 23:16 - 2015-03-07 23:16 - 00000000 ____D () C:\ProgramData\Ludia
2015-03-07 23:12 - 2015-03-07 23:15 - 186552301 _____ (Games ) C:\Users\Ginette\Downloads\FantasticJourney.exe
2015-03-07 21:12 - 2015-03-07 21:12 - 00001272 _____ () C:\Users\Public\Desktop\NCH Software.lnk
2015-03-07 21:12 - 2015-03-07 21:12 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
2015-03-07 21:12 - 2015-03-07 21:12 - 00001140 _____ () C:\Users\Public\Desktop\Express Zip.lnk
2015-03-07 21:12 - 2015-03-07 21:12 - 00000000 ____D () C:\ProgramData\NCH Software
2015-03-07 21:12 - 2015-03-07 21:12 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-03-07 21:08 - 2015-03-07 21:08 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\QuickZip
2015-03-07 20:43 - 2015-03-07 20:43 - 01182190 _____ () C:\Users\Ginette\Downloads\7z938.exe
2015-03-07 20:11 - 2015-03-07 20:11 - 01376768 _____ () C:\Users\Ginette\Downloads\7z920-x64.msi
2015-03-07 19:23 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-03-03 16:39 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:39 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:39 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:39 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-26 11:35 - 2015-02-26 11:35 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\WinRAR
2015-02-24 23:29 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 23:29 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-21 16:40 - 2015-02-21 16:40 - 00000000 ____D () C:\Users\Ginette\Desktop\taxes
2015-02-21 16:20 - 2015-02-21 16:20 - 00002127 _____ () C:\Users\Public\Desktop\StudioTax 2014.lnk
2015-02-21 16:20 - 2015-02-21 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2014
2015-02-21 16:17 - 2015-02-21 16:18 - 31204544 _____ (BHOK IT Consulting) C:\Users\Ginette\Downloads\StudioTax2014Install (1).exe
2015-02-20 16:11 - 2015-02-20 16:11 - 00391927 _____ () C:\Users\Ginette\Downloads\Balog, Cyn-Touched.epub
2015-02-19 21:39 - 2015-02-20 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Masque Games
2015-02-19 21:39 - 2015-02-20 00:00 - 00000000 ____D () C:\Program Files (x86)\Masque IGT Slots Lucky Larry's Lobstermania
2015-02-19 21:26 - 2015-02-20 00:00 - 00000000 ____D () C:\Program Files (x86)\IGT Slots Fire Rubies
2015-02-19 21:20 - 2015-02-20 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extractor
2015-02-19 21:20 - 2015-02-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Media Freeware
2015-02-18 16:10 - 2015-02-18 16:10 - 00282950 _____ () C:\Users\Ginette\Downloads\Smart, Elizabeth-My Story.epub
2015-02-18 16:09 - 2015-02-18 16:09 - 01137716 _____ () C:\Users\Ginette\Downloads\Picoult, Jodi-Leaving Time.epub
2015-02-18 16:06 - 2015-02-18 16:06 - 06316371 _____ () C:\Users\Ginette\Downloads\Kyle, Chris & McEwen, Scott & Defelice, Jim-American Sniper.epub
2015-02-18 16:05 - 2015-02-18 16:05 - 00523253 _____ () C:\Users\Ginette\Downloads\Strayed, Cheryl-Wild.epub
2015-02-18 16:05 - 2015-02-18 16:05 - 00523253 _____ () C:\Users\Ginette\Downloads\Strayed, Cheryl-Wild (1).epub
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-02-15 19:04 - 2015-02-15 19:04 - 00239235 _____ () C:\Users\Ginette\Downloads\Hill, Gerri-The Target.epub
2015-02-14 09:45 - 2015-03-15 23:21 - 00000000 ____D () C:\Users\Ginette\Desktop\books
2015-02-14 00:10 - 2015-02-14 00:11 - 31204544 _____ (BHOK IT Consulting) C:\Users\Ginette\Downloads\StudioTax2014Install.exe
2015-02-13 16:38 - 2015-02-13 16:38 - 00017065 _____ () C:\Users\Ginette\Downloads\lynda la plante above suspicion.torrent
2015-02-13 08:38 - 2015-02-13 08:39 - 05611771 _____ (Swearware) C:\Users\Ginette\Downloads\ComboFix.exe
2015-02-13 08:37 - 2015-02-13 08:37 - 02112512 _____ () C:\Users\Ginette\Downloads\AdwCleaner (1).exe
2015-02-11 00:20 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 00:17 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 00:17 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 00:16 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 00:16 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-04 12:23 - 2015-02-04 12:23 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-02-04 12:13 - 2015-02-04 12:13 - 00869536 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-01-28 10:10 - 2015-04-08 12:12 - 00000000 ____D () C:\Windows\Minidump
2015-01-22 22:40 - 2015-02-05 20:59 - 00000000 ____D () C:\Program Files (x86)\StatProc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 15:26 - 2012-05-06 21:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 15:23 - 2012-04-11 21:35 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 15:23 - 2011-09-24 11:37 - 02015392 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 10:00 - 2012-04-11 21:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 01:05 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 01:05 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 20:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-18 20:23 - 2011-09-24 13:18 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17B00785-F858-49EC-BE83-1220FE594171}
2015-04-18 20:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 20:21 - 2009-07-14 00:51 - 00149184 _____ () C:\Windows\setupact.log
2015-04-18 20:16 - 2014-08-23 12:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-18 20:13 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-18 20:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-18 16:15 - 2012-05-06 21:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-18 16:15 - 2012-05-06 21:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-18 16:15 - 2011-09-24 22:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-18 12:37 - 2014-01-25 23:59 - 00000000 ____D () C:\AdwCleaner
2015-04-18 09:37 - 2014-03-03 23:40 - 00000000 ___RD () C:\Users\Ginette\OneDrive
2015-04-18 09:22 - 2014-04-03 23:07 - 00000000 ___RD () C:\Users\Ginette\Dropbox
2015-04-18 09:22 - 2014-04-03 23:04 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\Dropbox
2015-04-18 06:28 - 2014-10-23 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-04-18 00:14 - 2011-10-13 19:45 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\uTorrent
2015-04-17 23:36 - 2011-09-24 11:39 - 00000000 ____D () C:\Users\Ginette
2015-04-17 23:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-17 22:40 - 2012-04-11 21:34 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-17 22:25 - 2013-06-25 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-17 07:49 - 2015-01-05 15:09 - 00000016 _____ () C:\Windows\system32\mrt.exe.szfi
2015-04-16 20:44 - 2009-07-14 01:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 10:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 08:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 23:43 - 2011-09-24 22:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 23:42 - 2011-02-11 13:15 - 00780800 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:40 - 2013-08-15 00:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 23:34 - 2011-10-01 11:30 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 20:39 - 2012-09-02 15:51 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGinette
2015-04-15 20:39 - 2012-09-02 15:51 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForGinette.job
2015-04-15 11:01 - 2015-01-05 12:05 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2015-04-15 08:52 - 2015-01-14 12:58 - 00000000 ____D () C:\Users\Ginette\Documents\recipes 2015
2015-04-13 11:45 - 2009-07-14 00:45 - 00419928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 22:48 - 2011-10-13 20:03 - 00000000 ____D () C:\Users\Ginette\Calibre Library
2015-04-12 13:39 - 2011-09-25 21:01 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-12 13:38 - 2011-10-30 07:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-04-09 13:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-08 21:56 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-08 21:51 - 2014-12-11 08:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 21:51 - 2014-05-06 23:29 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 21:49 - 2011-06-28 20:34 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-08 12:12 - 2011-06-28 21:28 - 00317504 ____N () C:\Windows\Minidump\040815-16660-01.dmp
2015-04-05 03:20 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-04 21:06 - 2014-01-27 16:16 - 00933888 ___SH () C:\Users\Ginette\Desktop\Thumbs.db
2015-04-01 16:40 - 2012-05-03 11:26 - 00003222 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGINETTE-HP$
2015-04-01 16:40 - 2012-05-03 11:26 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForGINETTE-HP$.job
2015-04-01 13:50 - 2015-01-05 11:06 - 00007464 _____ () C:\Windows\SysWOW64\Drivers\kgpfr2.cfg
2015-03-26 06:54 - 2010-11-20 23:47 - 01454306 _____ () C:\Windows\PFRO.log
2015-03-25 20:09 - 2014-11-06 09:50 - 00000000 ____D () C:\Windows\CD95F661A5C444F5A6AAECDD91C240E5.TMP
2015-03-25 12:01 - 2011-06-28 21:28 - 00317504 ____N () C:\Windows\Minidump\032515-23306-01.dmp

==================== Files in the root of some directories =======

2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Ginette\AppData\Roaming\RTXBODM
2014-12-30 23:48 - 2014-12-30 23:48 - 0000098 _____ () C:\Users\Ginette\AppData\Roaming\settings.xml
2014-11-06 10:49 - 2014-11-06 10:49 - 0000044 _____ () C:\Users\Ginette\AppData\Roaming\WB.CFG
2013-09-11 23:44 - 2015-03-12 11:12 - 0102646 _____ () C:\Users\Ginette\AppData\Local\ars.cache
2013-09-11 23:44 - 2015-03-12 11:12 - 1585764 _____ () C:\Users\Ginette\AppData\Local\census.cache
2013-08-13 20:27 - 2013-08-13 20:27 - 0000095 _____ () C:\Users\Ginette\AppData\Local\fusioncache.dat
2013-09-11 23:27 - 2013-09-11 23:27 - 0000036 _____ () C:\Users\Ginette\AppData\Local\housecall.guid.cache
2013-07-05 13:26 - 2013-07-05 19:38 - 0011774 _____ () C:\Users\Ginette\AppData\Local\HWVendorDetection.log
2014-05-04 11:49 - 2014-05-04 11:49 - 0000010 _____ () C:\Users\Ginette\AppData\Local\sponge.last.runtime.cache
2012-07-07 12:34 - 2012-07-07 12:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-09-24 19:48 - 2014-01-19 11:05 - 0010738 _____ () C:\ProgramData\hpzinstall.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe
C:\Windows\System32\D3DCompiler_43.dll
C:\Windows\System32\d3dx9_43.dll
C:\Windows\System32\igdumd32.dll
C:\Windows\System32\igdumdx32.dll
C:\Windows\System32\sirenacm.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-15 08:31

==================== End Of Log ============================


#20
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

And here is the Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Ginette at 2015-04-19 15:27:04
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Big City Adventure London Premium Edition 1.00 (HKLM-x32\...\Big City Adventure London Premium Edition 1.00) (Version:  - )
Big City Adventure Sydney, Australia 1.00 (HKLM-x32\...\Big City Adventure Sydney, Australia 1.00) (Version:  - )
Big City Adventure Tokyo 1.00 (HKLM-x32\...\Big City Adventure Tokyo 1.00) (Version: 1.00 - Games)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.4 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bubble Town (HKLM-x32\...\Bubble Town1.1) (Version: 1.1 - Adnan_Boy 2008)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KFC ChatXchange 1.1 (HKLM-x32\...\{4164EDF1-F038-4F68-B6AA-D9DE0675ED11}) (Version: 1.0.0 - LiveXchange)
Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
magicJack (HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.84 - Trusteer) Hidden
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
StudioTax 2010 (HKLM-x32\...\{417C420A-A3A2-4166-BFBF-7DF5826F7C05}) (Version: 6.0.6.0 - BHOK IT Consulting)
StudioTax 2011 (HKLM\...\{AB843D20-AB40-4128-B342-DD0E6DF33C82}) (Version: 7.0.1.0 - BHOK IT Consulting)
StudioTax 2012 (HKLM-x32\...\{1C31860F-F463-4E17-9D1C-A4654C86CBD9}) (Version: 8.0.6.2 - BHOK IT Consulting)
StudioTax 2013 (HKLM-x32\...\{2F718BA2-CDAB-47F0-84ED-646F8EDD5D90}) (Version: 9.1.6.0 - BHOK IT Consulting)
StudioTax 2014 (HKLM-x32\...\{7ECEB694-CC1D-4ECA-A175-A6119ECE0944}) (Version: 10.0.2.0 - BHOK IT Consulting)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.84 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ginette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

09-04-2015 22:49:53 Windows Update
10-04-2015 23:43:38 Windows Update
12-04-2015 14:35:52 Installed Reader Library by Sony.
15-04-2015 07:58:07 Windows Update
15-04-2015 15:09:34 Removed Java 7 Update 51
15-04-2015 15:10:29 Removed Java 7 Update 60 (64-bit)
15-04-2015 23:30:09 Windows Update
17-04-2015 22:05:05 Removed STOPzilla
17-04-2015 22:58:02 Restore Point Created by FRST
17-04-2015 23:32:37 Restore Operation
18-04-2015 06:26:47 Installed Rapport
18-04-2015 20:08:00 ginette

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-18 20:13 - 00440918 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0426528F-B7ED-4945-BC73-1C1E75E7533A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {081306D4-8DDA-43C9-9058-87529E368482} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Detection_PostWarrantyAlert => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {11CC7AEF-0C1C-4AD9-9753-E1F46AB55A01} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {11DCCD08-797F-4666-8AC9-D9D2A61520CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {16F5C330-C5F6-4E70-8CDB-4EBAEBCA463A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {1E550349-0421-4093-952B-9E2B6DA98C0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {22F9A66C-2561-4478-9D56-021F9948C8EB} - System32\Tasks\{6A9B83D6-0134-410A-985C-8C942B26B5B7} => pcalua.exe -a C:\BTGUARD\Uninstal.exe
Task: {5F3D27E6-2218-4032-8FDD-1AA74E836959} - System32\Tasks\HPCeeScheduleForGinette => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {68977420-5024-413F-A37F-3B68EE067F56} - System32\Tasks\HPCeeScheduleForGINETTE-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6D273318-290A-45D8-8716-8EF1663EF2E4} - System32\Tasks\{BF94A88D-3190-4E85-8EB2-A7CA363C6E83} => pcalua.exe -a C:\Users\Ginette\Documents\RK_DriverAssitant\Release_DriverAssitant\DriverInstall.exe -d C:\Users\Ginette\Documents\RK_DriverAssitant\Release_DriverAssitant
Task: {74A892D8-47DF-494F-A050-636813533571} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {7903EA5E-071D-496B-929E-CC38F25785E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A116174-8613-4BF0-9221-D7D83E90493A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {86C2FC06-5B03-44A3-8200-B69C838471D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8D5A32C0-0EA2-4F73-A0BB-C665542B0066} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {9AE0DE71-555F-48A1-BF33-0C2AE4039247} - System32\Tasks\{E0E0E169-16E0-44BA-BB0B-695A2B3E8B80} => pcalua.exe -a F:\setup.exe -d F:\
Task: {9D0A6F15-DC52-47D7-A65C-AC819C3EE2BF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()
Task: {9E3927FD-99C9-4092-91F3-2AF5BD1884FA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A0D5B318-1AAC-4792-9D3B-71C0F278201A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ABC39818-04CD-4493-83DD-16B2CE87E5E3} - System32\Tasks\{49A826F3-6C51-4B72-828E-61C149AD9A81} => C:\Users\Ginette\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-02-01] (magicJack L.P.)
Task: {AFC3E0F0-0068-4618-BD6A-8EF88A77E2A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B1847226-AC94-4D7D-A118-BA929CB571F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B6323051-0946-4E76-B083-7E7B636BAF57} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BAE46588-400B-4E8B-8665-EF4822212705} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {CD0CFEA5-626D-4E62-9A62-65E7E33951EF} - \{2D945EC9-D406-4CE0-9DD5-795A8A34991D} No Task File <==== ATTENTION
Task: {F01006BB-D8CE-4B4D-9B55-40D8C9663A21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGINETTE-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGinette.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-07 21:12 - 2015-03-07 21:12 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2011-06-08 17:57 - 2011-06-08 17:57 - 02812776 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-04-18 20:22 - 2015-04-18 20:22 - 00043008 _____ () c:\windows\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph1mtv4.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Ginette\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Ginette\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Ginette\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Ginette\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-15 13:00 - 2014-04-04 12:26 - 00371712 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-11-15 13:00 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2010-07-13 01:28 - 2010-07-13 01:28 - 00856064 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll
2010-07-13 01:13 - 2010-07-13 01:13 - 00033792 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00233472 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00020480 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll
2010-04-02 21:23 - 2010-04-02 21:23 - 00815104 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll
2010-07-13 01:16 - 2010-07-13 01:16 - 00118784 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll
2010-07-13 01:22 - 2010-07-13 01:22 - 00009728 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll
2010-07-13 01:26 - 2010-07-13 01:26 - 00018432 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll
2010-07-13 01:15 - 2010-07-13 01:15 - 00010240 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00008704 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00028160 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll
2010-07-13 01:25 - 2010-07-13 01:25 - 00011776 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
2010-04-02 20:44 - 2010-04-02 20:44 - 00086016 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll
2010-07-13 01:29 - 2010-07-13 01:29 - 00143360 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll
2010-07-13 01:10 - 2010-07-13 01:10 - 00172032 _____ () C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ginette\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== Accounts: =============================

Administrator (S-1-5-21-3037352765-1606511786-2657095333-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3037352765-1606511786-2657095333-1051 - Limited - Enabled)
Ginette (S-1-5-21-3037352765-1606511786-2657095333-1000 - Administrator - Enabled) => C:\Users\Ginette
Guest (S-1-5-21-3037352765-1606511786-2657095333-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3037352765-1606511786-2657095333-1243 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2015 08:23:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x2d8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x15f0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:31:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0xf04
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:29:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x15b4
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:29:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1098
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x13c8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:17:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x7cc
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:17:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0xba0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/18/2015 09:17:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 37.0.1.5570, time stamp: 0x551e1534
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x150
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (04/17/2015 10:58:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary szkg5.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (04/19/2015 00:08:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3573.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/19/2015 09:27:28 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3573.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/18/2015 08:31:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3573.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/18/2015 08:31:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/18/2015 08:31:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/18/2015 08:22:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/18/2015 08:22:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (04/18/2015 08:22:16 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070005

    Error description: Access is denied.

    Reason: %%892

Error: (04/18/2015 08:21:42 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Server service depends the following service: SamSS. This service might not be installed.

Error: (04/18/2015 08:21:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error:
%%1075


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6800 @ 3.33GHz
Percentage of memory in use: 23%
Total physical RAM: 4061.24 MB
Available physical RAM: 3090.05 MB
Total Pagefile: 8120.68 MB
Available Pagefile: 6267.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.44 GB) (Free:819.06 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.97 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (STORE N GO) (Removable) (Total:29.93 GB) (Free:29.93 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 72FBC7EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 29.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.9 GB) - (Type=0C)

==================== End Of Log ============================



#21
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello ginnyjoe, and thank you for your patience.  I needed to consult with some colleagues about your system.
 
Let's take this one step at a time.  If something doesn't work, if you get stuck, or if you have any questions, please stop and let me know. :D
 
With no internet access on the infected machine, we'll need to again use your trusty USB stick.  Please download the following files to it:

Eject the USB stick and plug it into the infected computer.  Copy the 4 above files to your Desktop.
 
First
Uninstall a program:
 
You have a Development version of Chrome installed, and this version can install extensions by itself without any user interaction whatsoever.
 
Go to the Control Panel > Uninstall a program or Programs and Features, and uninstall the following programs:

  • Google Chrome
  • KFC ChatXchange 1.1
  • McAfee Security Scan Plus

You can install Google Chrome again after I've told you that your computer is clean.
 
Second

Create registry backups using Tweaking.com's Registry Backup

  • Download Tweaking.com - Registry Backup from here: http://www.tweaking....ry_backup.htmll
  • Double-click on the downloaded tweaking.com_registry_backup_setup.exe file to install the program.
  • Open the installed program.
  • Click on the Backup Now button to create the first manual backup:
     
  • Now adjust some settings...
  • Click on the Settings tab:
     
  • By default the program will keep 5 backups.  I suggest 10.
  • Now click on the Create Schedule button.

By doing so the program will automatically create a new Windows task, which will create a fresh registry backup on every logon.
If you power your computer on more than once every day and you want to have just one daily registry backup, click on the Open Advanced Settings button and put a checkmark in Only Do 1 Auto Backup Per Day.

 

Third
Registry Modifications
 
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing. Please follow the steps that are listed below exactly. If you cannot perform some of these steps, or if you have any questions, please ask before proceeding.
 
Double-click on the RegFix.reg file on your Desktop to merge it into the Registry.  Agree to any acknowledgement prompts.
 
Restart the computer.

Fourth
Run a FRST Fix

  • Make sure that FRST64.exe is on the Desktop, and the fixlist.txt I created is located there as well.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Fifth
Besides posting the Fixlog.txt file, let me know if you have your Internet access back, and if you are still seeing the browser redirects.



#22
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

OK, small update to my last post.  Before my First step it says there are 4 files.  There are really only 2.

 

There are also 2 links for the servicesFix.reg file.  Either one will work. :)



#23
ginnyjoe

    Member

  • Topic Starter
  • Member
  • 242 posts

I don't understand why I cannot copy and paste. Can only attach. The internet is back but can only run browser as administrator. I will post the log as an attachment. Hope that is ok.


#24
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Which computer cannot copy&paste?  This infected Windows 7 computer or the other Windows 8 one?

 

Did you uninstall all the programs listed?  

 

 

Regarding running the web browser as administrator:

  • Which web browser can only be run as Administrator?
  • Is this in Normal Windows, Safe Mode, or both?
  • Maybe you are getting the UAC prompt?
  • Please explain in more detail what you mean.

 

Just a reminder, please don't install/uninstall any other software until I tell you the system is clean.

 

In the meantime I'll post your fixlog.txt...

 

---------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2015 01
Ran by Ginette at 2015-04-22 12:09:31 Run:2
Running from C:\Users\Ginette\Desktop
Loaded Profiles: Ginette (Available profiles: Ginette)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.
SearchScopes: HKLM -> {9465BC86-3F40-486B-BCCA-2BB4960A2B20} URL = http://www.amazon.ca...s={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: saaveRneet - C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] [2015-04-17]
FF Extension: saVeron - C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] [2015-04-17]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
2015-04-18 16:15 - 2015-04-18 16:15 - 00002172 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-04-08 21:50 - 2015-04-08 21:50 - 00000016 _____ () C:\Windows\system32\rcores64.dat.szfi
2015-04-17 22:07 - 2015-04-17 22:07 - 00003048 _____ () C:\Windows\System32\Tasks\{6A9B83D6-0134-410A-985C-8C942B26B5B7}
2015-04-19 15:26 - 2012-05-06 21:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 15:23 - 2012-04-11 21:35 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 10:00 - 2012-04-11 21:35 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-18 20:23 - 2011-09-24 13:18 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{17B00785-F858-49EC-BE83-1220FE594171}
2015-04-18 00:14 - 2011-10-13 19:45 - 00000000 ____D () C:\Users\Ginette\AppData\Roaming\uTorrent
2015-04-17 07:49 - 2015-01-05 15:09 - 00000016 _____ () C:\Windows\system32\mrt.exe.szfi
2015-04-15 11:01 - 2015-01-05 12:05 - 00000016 _____ () C:\Windows\system32\config\software.szfi
CustomCLSID: HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ginette\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0426528F-B7ED-4945-BC73-1C1E75E7533A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {22F9A66C-2561-4478-9D56-021F9948C8EB} - System32\Tasks\{6A9B83D6-0134-410A-985C-8C942B26B5B7} => pcalua.exe -a C:\BTGUARD\Uninstal.exe
Task: {6D273318-290A-45D8-8716-8EF1663EF2E4} - System32\Tasks\{BF94A88D-3190-4E85-8EB2-A7CA363C6E83} => pcalua.exe -a C:\Users\Ginette\Documents\RK_DriverAssitant\Release_DriverAssitant\DriverInstall.exe -d C:\Users\Ginette\Documents\RK_DriverAssitant\Release_DriverAssitant
Task: {74A892D8-47DF-494F-A050-636813533571} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-18] (Adobe Systems Incorporated)
Task: {86C2FC06-5B03-44A3-8200-B69C838471D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {9AE0DE71-555F-48A1-BF33-0C2AE4039247} - System32\Tasks\{E0E0E169-16E0-44BA-BB0B-695A2B3E8B80} => pcalua.exe -a F:\setup.exe -d F:\
Task: {AFC3E0F0-0068-4618-BD6A-8EF88A77E2A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {BAE46588-400B-4E8B-8665-EF4822212705} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {CD0CFEA5-626D-4E62-9A62-65E7E33951EF} - \{2D945EC9-D406-4CE0-9DD5-795A8A34991D} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
[2164] C:\Program Files\File Association Helper\FAHWindow.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FAHConsole => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc. not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9465BC86-3F40-486B-BCCA-2BB4960A2B20}" => Key deleted successfully.
HKCR\CLSID\{9465BC86-3F40-486B-BCCA-2BB4960A2B20} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] => Moved successfully.
C:\Users\Ginette\AppData\Roaming\Mozilla\Firefox\Profiles\07ifvjb6.default\Extensions\[email protected] => Moved successfully.
McComponentHostService => Service not found.
sbapifs => Service deleted successfully.
"C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => File/Directory not found.
"C:\ProgramData\McAfee Security Scan" => File/Directory not found.
"C:\Program Files (x86)\McAfee Security Scan" => File/Directory not found.
C:\Windows\system32\rcores64.dat.szfi => Moved successfully.
C:\Windows\System32\Tasks\{6A9B83D6-0134-410A-985C-8C942B26B5B7} => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Tasks\User_Feed_Synchronization-{17B00785-F858-49EC-BE83-1220FE594171} => Moved successfully.
C:\Users\Ginette\AppData\Roaming\uTorrent => Moved successfully.
C:\Windows\system32\mrt.exe.szfi => Moved successfully.
C:\Windows\system32\config\software.szfi => Moved successfully.
"HKU\S-1-5-21-3037352765-1606511786-2657095333-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0426528F-B7ED-4945-BC73-1C1E75E7533A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0426528F-B7ED-4945-BC73-1C1E75E7533A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22F9A66C-2561-4478-9D56-021F9948C8EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22F9A66C-2561-4478-9D56-021F9948C8EB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6A9B83D6-0134-410A-985C-8C942B26B5B7} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A9B83D6-0134-410A-985C-8C942B26B5B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D273318-290A-45D8-8716-8EF1663EF2E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D273318-290A-45D8-8716-8EF1663EF2E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BF94A88D-3190-4E85-8EB2-A7CA363C6E83} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BF94A88D-3190-4E85-8EB2-A7CA363C6E83}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74A892D8-47DF-494F-A050-636813533571}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74A892D8-47DF-494F-A050-636813533571}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86C2FC06-5B03-44A3-8200-B69C838471D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86C2FC06-5B03-44A3-8200-B69C838471D2}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AE0DE71-555F-48A1-BF33-0C2AE4039247}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE0DE71-555F-48A1-BF33-0C2AE4039247}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E0E0E169-16E0-44BA-BB0B-695A2B3E8B80} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0E0E169-16E0-44BA-BB0B-695A2B3E8B80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFC3E0F0-0068-4618-BD6A-8EF88A77E2A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC3E0F0-0068-4618-BD6A-8EF88A77E2A3}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAE46588-400B-4E8B-8665-EF4822212705}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE46588-400B-4E8B-8665-EF4822212705}" => Key deleted successfully.
C:\Windows\System32\Tasks\arp_flush => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\arp_flush" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD0CFEA5-626D-4E62-9A62-65E7E33951EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD0CFEA5-626D-4E62-9A62-65E7E33951EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D945EC9-D406-4CE0-9DD5-795A8A34991D}" => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3037352765-1606511786-2657095333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Wireless Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

========= End of CMD: =========


=========  netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 17.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:10:15 ====


  • 0
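An added example, not part of the original thread and not FRST's own code: a small Python parser for result lines shaped like those in the Fixlog above. It separates "not found" entries whose target was already removed earlier in the same run (as with the .job files in this log) from targets that were never present. The function name and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: result lines in the same shapes as the Fixlog above.
SAMPLE_FIXLOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FAHConsole => value deleted successfully.
McComponentHostService => Service not found.
sbapifs => Service deleted successfully.
"C:\ProgramData\McAfee Security Scan" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
The system needed a reboot.
'''

# "<target> [=> [kind]] <outcome>." where the arrow and kind word are optional.
RESULT = re.compile(
    r'^(?P<target>.+?)\s*(?:=>\s*(?:\w+(?:/\w+)?\s+)?)?'
    r'(?P<outcome>Moved successfully|deleted successfully|'
    r'closed successfully|not found)\.$')
SECTION = re.compile(r'^=+\s+(?P<name>.+?)\s+=+$')
REBOOT = re.compile(r'restart the computer|needed a reboot', re.I)

def summarize_fixlog(text):
    """Tally outcomes and split 'not found' results into two cases."""
    counts, handled = Counter(), set()
    summary = {'never_present': [], 'removed_earlier': [],
               'sections': [], 'reboot_pending': False}
    for line in (raw.strip() for raw in text.splitlines()):
        if REBOOT.search(line):
            summary['reboot_pending'] = True
        sec = SECTION.match(line)
        if sec:
            if not sec.group('name').startswith('End of'):
                summary['sections'].append(sec.group('name'))
            continue
        res = RESULT.match(line)
        if not res:
            continue
        target = res.group('target').strip('"')
        outcome = res.group('outcome').lower()
        counts[outcome] += 1
        if outcome != 'not found':
            handled.add(target.lower())
        elif target.lower() in handled:
            summary['removed_earlier'].append(target)  # duplicate directive
        else:
            summary['never_present'].append(target)    # nothing to remove
    summary['counts'] = dict(counts)
    return summary
```

Entries under `never_present` are the ones worth a second look when reviewing a fix, since they mean the directive targeted something that was not on disk or in the registry at run time.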

#25
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

Firefox must be run as administrator. IE gives me this when I open, This page cannot be displayed. Turn on TLS 1.0, TLS 1.1, TLS 1.2 in advanced setting and try connecting again. And I cannot copy and paste on either one. On my clean computer and this one. This is in normal Windows. I don't know what UAC prompt is. Hope I made it more clear this time. Hope I don't have to format as I need a lot of this on here. Also I do have an external drive. Have not used it for a while. Before I use it again should I scan it first? After we are done with this first of course.


  • 0



#26
DanoNH


    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello ginnyjoe,

 

UAC (User Account Control) is the method Windows uses to ask you for elevated privileges when running programs.  It's the pop-up prompt you see if you right-click on a program and select "Run as administrator". 

 

I can't explain why your copy & paste are not working just yet.  There are too many possible reasons for this, and not all are malware-related.  Do keep in mind we're not finished here yet. :)

 

You could have software installed which is causing a conflict.  We'll address this a bit later if our tools don't end up restoring this functionality in the meantime.

 

I will be back with further steps, but I do have more questions in the meantime:

  1. I may have asked you this already, but when did the copy & paste problems first start on this computer?  On the other computer?
     
  2. Did you ever have any Windows clipboard protection programs installed?  Such programs might advertise that they can protect you from malicious web sites stealing the sensitive data on your Windows clipboard.  I think Norton can or does do this, and there may be others.
     
  3. What Anti-Virus/Anti-Spyware program(s) were you running before Microsoft Security Essentials?
     
  4. May I ask where your copy of Microsoft Office Enterprise 2007 came from?  Is it also installed on the other computer that also has copy & paste issues?  There could be a "Send to Bluetooth" add-in or similar causing an issue. 

 

Thank you for your patience. :D


  • 0

#27
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

On my HP it seems to be only when I am trying to copy logs into my reply with you and it seems to be the same with my Windows 8 because I tried it just now and it works when I am doing just regular stuff.  Avast and AVG. Cannot remember which one was on the HP and which one was on Windows 8. My sister gave me the Office program.


  • 0

#28
DanoNH


    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hi ginnyjoe,

 

Thanks for the answers.  :spoton:

  1. Does the content which you copied actually paste in the editor and not send?
  2. Does the content you copied not appear when you right-click and select Paste?
  3. Or do you not even see Paste in the right-click menu?
  4. Is that version of Office on both the Windows 7 and Windows 8 machines?

You can try creating a test text file and then copying/pasting the contents back here.  Something may be detecting what is perceived as sensitive content, and therefore preventing it, but I'm only speculating at this point.  We should continue until the machine is clean and then sort out these other issues in the correct forum afterwards as needed.

 

I realize this must be frustrating for you.  :upset:

 

Let's proceed, shall we? :)

 

First

 

Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Second

Run AdwCleaner
 

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

 

Third

 

We need to reset your web browsers:

Reset Internet Explorer
NOTE: Your bookmarks/favorites should remain intact.  If you wish to back them up, information on Exporting/Importing your IE bookmarks can be found here.

  • Open Internet Explorer
  • Go to the Gear icon in the top right corner
  • Select Internet Options
  • Go to the Advanced tab
  • Select the Reset button
  • Enable "Delete personal Settings"
  • Click the Reset button
  • Close Internet Explorer
  • Reboot
  • The next time you open Internet Explorer, you will need to re-enable any add-ons you use, set your home page again, etc...


Reset Mozilla Firefox
NOTE: Your bookmarks will be lost.  If you wish to backup your Firefox bookmarks, see here.

  • Open Firefox
  • Go to the three stripes icon in the upper right corner
  • In the bottom right of the menu that opens, click on the Blue question mark
  • Select Troubleshooting Information in the menu
  • Click the Reset Firefox button
  • Confirm Reset Firefox again at the prompt
  • Note: Old data from Firefox will be placed on your Windows Desktop in a folder called Old Firefox data. Delete this folder.

 

 

Finally
In your next reply, please copy/paste the contents of the following logs:

  • JRT log
  • AdwCleaner

 

And tell me how the computer is running.  Are you still seeing the redirects?


  • 0

#29
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

I do not see paste in the menu at all. It is on Windows 7 only, when I formatted 8 I have not put it back on as yet. I am posting this reply to your question and will do the next steps after this.


  • 0

#30
ginnyjoe

    Member

  • Topic Starter
  • 242 posts

Still cannot copy & paste. Did what you told me to do in Firefox but there is no reset. There is a refresh and did that but it did not help, still have to open as administrator. Cannot get log of AdwCleaner. I do have it on the C drive but cannot get it to copy and paste. I am using IE, should I delete Firefox and how can I get the log for Adw? At this I am not being redirected to other sites so that is good.

Attached Files

  • Attached File  JRT.txt   602bytes   72 downloads

Edited by ginnyjoe, 23 April 2015 - 12:36 PM.

  • 0





