Browser Hijack: PUP.Optional.ShoppingGate.A [Solved]

#1 RixUK
Thank you for looking at this and any assistance you can provide.
 
The PC is Win 7 Pro 32 bit and has a browser hijack - starting with Google Chrome.
I ran the latest Malwarebytes and it reported the following:
*****************************************************
PUP.Optional.ShoppingGate.A, C:\Users\RixV230.INTDOMAIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [df3494b8256553e3d5ebc038887b9b65], 
PUP.Optional.ShoppingGate.A, C:\Users\RixV230.INTDOMAIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [3cd79ab25a306acc7f411adefa09768a],
*****************************************************
 
The hijack manifests itself by opening around 100 popup windows - some with ransomware demands.
 
I quarantined the files in Malwarebytes and, for four days, nothing happened.
The hijack then re-appeared and Malwarebytes cannot find anything.
 
I have also run AdwCleaner. Like MBAM, it has found issues (and removed them) but doesn't find anything now.
 
I have uninstalled Chrome.
 
I have run FRST - the logs are below.
 
Here is FRST.TXT
***********************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by rixv230 (administrator) on V230 on 17-04-2015 08:38:28
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Loaded Profiles: rixv230 (Available profiles: DrRobin & rixv230 & Administrator & RixV230)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Matrox PowerDesk SE] => C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [4246784 2010-02-11] (Matrox Graphics Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2011-12-12] (Hewlett-Packard Company)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Run: [KeyboardLeds.exe] => C:\Program Files\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Run: [BitTorrent Sync] => C:\Program Files\BitTorrent Sync\BTSync.exe [1696104 2014-11-21] (BitTorrent, Inc.)
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt [1006 2015-04-17] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebIS Synchronization.lnk
ShortcutTarget: WebIS Synchronization.lnk -> C:\Program Files\WebISSync\iPISync.exe ()
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First.ahk ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll [2004-11-01] ()
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{E946A09E-C1D6-4E75-B47A-4B5E46FA4FCD}: [NameServer] 10.0.0.3,4.4.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-30] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Extension: CoupMania - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\glvcjoywqbe_j_egjlo@yklkx_innegyiwszotx.edu [2015-04-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-18]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-27] (Adobe Systems) [File not signed]
S3 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S2 Matrox.Pdesk.ServicesHost; C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [344832 2010-02-11] (Matrox Graphics Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.)
S2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [358480 2013-10-18] (VMware, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721464 2013-10-09] (VMware, Inc.)
S2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437328 2013-10-18] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43192 2013-10-09] (VMware, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 MTXPSER; C:\Windows\System32\DRIVERS\mtxpserm.sys [1489920 2010-06-18] (Matrox Graphics Inc.)
S1 Mtxpserx; C:\Windows\System32\DRIVERS\Mtxpserx.sys [5504 2010-06-18] (Matrox Graphics Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25808 2013-10-18] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2013-10-18] (VMware, Inc.)
S2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2013-10-18] (VMware, Inc.)
S2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-10-18] (VMware, Inc.)
S2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [65488 2013-10-18] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 08:26 - 2015-04-17 08:26 - 00000880 _____ () C:\Windows\PFRO.log
2015-04-17 08:26 - 2015-04-17 08:26 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 18:45 - 2015-04-17 08:28 - 00000000 ____D () C:\AdwCleaner
2015-04-16 18:45 - 2015-04-16 18:45 - 02217984 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\adwcleaner_4.201.exe
2015-04-16 18:44 - 2015-04-16 18:44 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-16 18:06 - 2015-04-16 18:06 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\FRST-OlderVersion
2015-04-13 11:37 - 2015-04-13 13:25 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\IDT printing
2015-04-13 11:09 - 2015-04-13 11:09 - 00032728 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Addition.txt
2015-04-13 11:08 - 2015-04-17 08:38 - 00027649 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\FRST.txt
2015-04-13 11:08 - 2015-04-17 08:38 - 00000000 ____D () C:\FRST
2015-04-13 11:07 - 2015-04-16 18:06 - 01137152 _____ (Farbar) C:\Users\RixV230.INTDOMAIN\Desktop\FRST.exe
2015-04-13 10:11 - 2015-04-13 10:11 - 163800526 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\reg backup 130415-1.reg
2015-04-13 10:06 - 2015-04-13 10:06 - 00001444 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware130415-2.txt
2015-04-13 08:58 - 2015-04-13 08:58 - 00001464 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware130415.txt
2015-04-10 16:36 - 2015-04-10 16:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-10 15:56 - 2015-04-10 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\ProgramData\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\Program Files\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\Program Files\Common Files\Macromedia
2015-04-10 15:56 - 2015-04-10 15:56 - 00000000 ____D () C:\Windows\system32\QuickTime
2015-04-10 15:22 - 2015-04-16 18:43 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2015-04-10 14:59 - 2015-04-10 14:59 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\Old Firefox Data
2015-04-10 09:50 - 2015-04-10 09:50 - 00006421 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware100415.txt
2015-04-10 09:30 - 2015-04-10 09:30 - 00000000 ____D () C:\ProgramData\{58ed8f25-e816-ee93-58ed-d8f25e813c97}
2015-04-10 09:08 - 2015-04-16 17:57 - 00000020 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin
2015-04-09 19:20 - 2015-04-10 09:51 - 00000000 ____D () C:\Program Files\Facebook Platinum
2015-04-09 19:20 - 2015-04-09 19:21 - 00000000 ____D () C:\ProgramData\15142443174115439949
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\DealNoDeal
2015-04-08 10:52 - 2015-04-08 10:52 - 00002255 _____ () C:\Users\Public\Desktop\BrightPay UK 2015-16.lnk
2015-04-08 10:52 - 2015-04-08 10:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\HockeyApp
2015-04-08 10:52 - 2015-04-08 10:52 - 00000000 ____D () C:\ProgramData\Thesaurus Software Ltd
2015-04-08 10:51 - 2015-04-08 10:51 - 10789096 _____ (Microsoft Corporation) C:\Users\RixV230.INTDOMAIN\Desktop\BrightPay-UK-15.0.2-Install.exe
2015-04-08 08:50 - 2015-04-08 08:50 - 06196576 _____ (Tim Kosse) C:\Users\RixV230.INTDOMAIN\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-07 08:34 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-07 08:34 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-07 08:34 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-07 08:34 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-07 08:34 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-07 08:34 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-07 08:34 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-07 08:34 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-07 08:34 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-07 08:34 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-07 08:34 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-07 08:34 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-07 08:34 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-07 08:34 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-07 08:34 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-07 08:34 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-07 08:34 - 2015-02-21 05:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-07 08:34 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-07 08:34 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-07 08:34 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-07 08:34 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-07 08:34 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-07 08:34 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-07 08:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-07 08:34 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-07 08:34 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-07 08:34 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-07 08:34 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-07 08:34 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-07 08:34 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-07 08:34 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-07 08:34 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-07 08:34 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-07 08:34 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-07 08:34 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-07 08:34 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-07 08:34 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-07 08:34 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-07 08:34 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-07 08:33 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-07 08:33 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-07 08:33 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-01 10:24 - 2015-04-01 10:24 - 00002255 _____ () C:\Users\Public\Desktop\BrightPay UK 2014-15.lnk
2015-03-16 15:32 - 2015-03-16 15:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Tracing
2015-03-09 12:08 - 2015-04-10 16:53 - 00063500 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\phonebook.xml
2015-03-06 17:42 - 2015-03-06 17:42 - 06208736 _____ (Tim Kosse) C:\Users\RixV230.INTDOMAIN\Downloads\FileZilla_3.10.2_win32-setup.exe
2015-03-02 14:30 - 2015-03-02 15:03 - 00041472 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\arraytest1.xls
2015-03-02 09:44 - 2015-03-02 09:44 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\HP
2015-02-24 13:28 - 2014-08-14 13:12 - 00427008 _____ (www.ipcom.at) C:\Windows\system32\siptapi.tsp
2015-02-24 13:26 - 2015-02-24 13:26 - 01607735 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\siptapi-0.2.17_Debug+Release.zip
2015-02-24 13:26 - 2015-02-24 13:26 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\deploy
2015-02-20 18:27 - 2015-04-10 10:52 - 00000000 ____D () C:\ProgramData\{fc804906-d02f-6f6b-fc80-04906d02241b}
2015-02-20 09:53 - 2015-02-20 09:53 - 00000608 ___SH () C:\Windows\system32\winzvprt5.sys
2015-02-20 09:53 - 2015-02-20 09:53 - 00000230 _____ () C:\Windows\system32\hppfaxprinter5.ini
2015-02-20 09:53 - 2015-02-20 09:53 - 00000000 ____D () C:\Users\Public\Documents\HP_LaserJet_Fax_0_6
2015-02-20 09:53 - 2015-02-20 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-02-20 09:53 - 2011-12-12 06:56 - 00019624 ____N (Hewlett-Packard Company) C:\Windows\system32\hppfaxprintermon5.dll
2015-02-20 09:53 - 2011-12-12 06:56 - 00015144 ____N (Hewlett-Packard Company) C:\Windows\system32\hppfaxprintermonui5.dll
2015-02-20 09:52 - 2015-02-20 09:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-02-19 11:00 - 2015-02-19 11:00 - 00000000 ____D () C:\Windows\pss
2015-02-18 10:39 - 2015-04-10 11:16 - 00000000 ____D () C:\Windows\Minidump
2015-02-16 18:06 - 2015-02-18 14:42 - 00035712 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\phonebook1.xml
2015-02-16 17:07 - 2015-02-16 17:07 - 00030770 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Cluster 4 phase 1.xlsx
2015-02-13 13:45 - 2015-02-13 13:45 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-02-13 13:45 - 2015-02-13 13:45 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-13 13:45 - 2015-02-13 13:45 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-13 13:45 - 2015-02-13 13:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-13 13:45 - 2015-02-13 13:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-13 13:42 - 2015-01-07 03:49 - 00089528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2015-02-13 13:42 - 2015-01-07 03:44 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-02-13 13:42 - 2015-01-07 02:35 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-02-13 13:42 - 2015-01-07 02:34 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2015-02-13 13:42 - 2015-01-07 02:34 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-02-13 13:42 - 2015-01-07 02:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-13 13:42 - 2015-01-07 02:34 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2015-02-13 13:42 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-13 13:42 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-13 13:42 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-13 13:41 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-13 13:41 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-06 11:11 - 2015-02-06 11:11 - 00029119 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Traffex 2013 space only stands.xlsx
2015-02-04 18:55 - 2015-02-04 19:43 - 00000127 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\recalls.csv
2015-02-04 16:56 - 2015-02-04 16:57 - 00007553 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Folders.kml
2015-02-04 16:29 - 2015-02-04 16:30 - 00813528 _____ () C:\Users\RixV230.INTDOMAIN\Documents\Readiris.DUS
2015-02-04 16:25 - 2015-02-04 16:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Documents\Readiris
2015-02-04 16:24 - 2015-02-04 16:24 - 00000161 _____ () C:\Windows\Readiris.ini
2015-02-04 16:24 - 2015-02-04 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
2015-02-04 16:23 - 2015-02-04 16:24 - 00000000 ____D () C:\Program Files\Readiris Pro 12
2015-02-04 09:53 - 2015-02-04 09:53 - 00001280 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Command Prompt.lnk
2015-02-03 12:51 - 2015-02-03 12:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Documents\Fax
2015-02-02 19:21 - 2015-02-02 19:21 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Sun
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\Program Files\Java
2015-02-02 19:21 - 2015-02-02 19:21 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-02 17:30 - 2015-02-02 17:30 - 06372800 _____ (Tim Kosse) C:\Users\RixV230.INTDOMAIN\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-02 13:10 - 2015-02-02 13:10 - 03326176 _____ (Microsoft Corporation) C:\Users\RixV230.INTDOMAIN\Desktop\OutlookConnector.exe
2015-01-30 14:26 - 2015-02-03 12:59 - 00006262 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\PBX.txt
2015-01-20 14:42 - 2015-01-20 14:42 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\CDex
2015-01-20 14:41 - 2015-04-10 15:22 - 00000000 ____D () C:\Program Files\CDex
2015-01-19 14:58 - 2015-01-19 14:58 - 06381120 _____ (Tim Kosse) C:\Users\RixV230.INTDOMAIN\Downloads\FileZilla_3.10.0.2_win32-setup.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 08:33 - 2014-02-10 12:52 - 00789934 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 08:30 - 2014-04-17 09:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 08:29 - 2015-01-05 11:43 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\CrashDumps
2015-04-17 08:28 - 2014-02-10 14:08 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-17 08:25 - 2014-02-14 18:26 - 00000000 ____D () C:\App Install files
2015-04-16 18:44 - 2014-02-17 10:31 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Google
2015-04-16 18:44 - 2014-02-17 10:31 - 00000000 ____D () C:\Program Files\Google
2015-04-16 18:35 - 2014-02-13 15:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\BitTorrent Sync
2015-04-16 18:24 - 2009-07-14 05:34 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 18:24 - 2009-07-14 05:34 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 18:18 - 2014-02-11 10:31 - 00000000 ___RD () C:\Users\RixV230.INTDOMAIN\Dropbox
2015-04-16 18:18 - 2014-02-11 10:29 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox
2015-04-16 18:17 - 2014-03-18 09:31 - 00000000 ____D () C:\ProgramData\VMware
2015-04-16 18:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 17:59 - 2014-02-13 16:23 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\KeePass
2015-04-16 17:58 - 2014-03-18 09:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\VMware
2015-04-16 17:58 - 2014-02-10 18:38 - 00000000 ___RD () C:\Users\RixV230.INTDOMAIN\Virtual Machines
2015-04-16 17:56 - 2014-02-13 13:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Adobe
2015-04-16 17:15 - 2014-02-13 18:18 - 00000000 ____D () C:\Rich1_2
2015-04-16 17:15 - 2014-02-13 18:17 - 00000000 ____D () C:\Rich1
2015-04-16 17:15 - 2014-02-13 15:54 - 00000000 ____D () C:\Rich2_2
2015-04-16 17:15 - 2014-02-13 15:54 - 00000000 ____D () C:\Rich2
2015-04-16 17:15 - 2014-02-11 10:38 - 00000000 ____D () C:\shortcuts
2015-04-16 17:08 - 2014-02-11 10:54 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\vlc
2015-04-16 14:37 - 2014-02-14 13:44 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Documents\BrightPay
2015-04-16 14:04 - 2014-12-08 18:16 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\FileZilla
2015-04-16 09:31 - 2014-03-18 09:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\VMware
2015-04-15 09:11 - 2014-09-10 17:34 - 00157805 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Newsletter.txt
2015-04-13 10:08 - 2014-02-17 10:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-13 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2015-04-13 09:40 - 2014-02-10 16:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-10 16:01 - 2014-02-13 14:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Macromedia
2015-04-10 16:01 - 2014-02-13 14:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Macromedia
2015-04-10 15:55 - 2014-02-10 13:25 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-04-10 14:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\addins
2015-04-10 11:16 - 2014-09-03 08:27 - 00000000 ____D () C:\Program Files\PDFCreator
2015-04-10 11:16 - 2014-02-10 20:45 - 00000000 ____D () C:\Windows\Panther
2015-04-10 09:41 - 2014-04-17 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 09:41 - 2014-04-17 09:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-10 09:19 - 2014-02-11 10:30 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Thesaurus_Software_Ltd
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\Program Files\Thesaurus Software
2015-04-07 14:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-04-07 08:59 - 2009-07-14 05:33 - 00376936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-07 08:58 - 2014-04-16 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-07 08:37 - 2014-04-16 16:58 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-31 13:51 - 2014-02-13 16:16 - 00000000 ____D () C:\kp
2015-03-30 12:41 - 2014-07-18 08:24 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Adobe
2015-03-30 12:40 - 2014-02-13 13:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-30 12:40 - 2014-02-13 13:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-27 18:38 - 2014-06-02 15:10 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2015-04-10 09:08 - 2015-04-16 17:57 - 0000020 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin
2014-07-29 12:53 - 2014-09-29 09:29 - 0038320 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft Excel.ADR
2014-02-14 13:32 - 2014-02-14 13:44 - 0000277 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\applnch.exe
C:\Users\Administrator\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\applnch.exe
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu6eb0r.dll
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\Quarantine.exe
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {d57c8c92-928b-11e3-943f-a8eceab4de02}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {d57c8c94-928b-11e3-943f-a8eceab4de02}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d57c8c92-928b-11e3-943f-a8eceab4de02}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {d57c8c94-928b-11e3-943f-a8eceab4de02}
device                  ramdisk=[C:]\Recovery\d57c8c94-928b-11e3-943f-a8eceab4de02\Winre.wim,{d57c8c95-928b-11e3-943f-a8eceab4de02}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\d57c8c94-928b-11e3-943f-a8eceab4de02\Winre.wim,{d57c8c95-928b-11e3-943f-a8eceab4de02}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {d57c8c92-928b-11e3-943f-a8eceab4de02}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {d57c8c95-928b-11e3-943f-a8eceab4de02}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\d57c8c94-928b-11e3-943f-a8eceab4de02\boot.sdi
 
 
 
LastRegBack: 2015-04-14 00:42
 
==================== End Of Log ============================
 
Here is ADDITION.TXT
*******************************************************************************
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by rixv230 at 2015-04-17 08:38:44
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.91 - )
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
BrightPay UK 2012/13 (HKLM\...\{48F8BB0C-ACB5-4645-A37A-334D79685791}) (Version: 12.4.1 - Thesaurus Software Ltd)
BrightPay UK 2013/14 (HKLM\...\{F522142C-7054-4DF3-8D37-1122249B1CDA}) (Version: 13.5.0 - Thesaurus Software Ltd)
BrightPay UK 2014/15 (HKLM\...\{A8D10431-8BF3-4A86-926E-8311F68F176B}) (Version: 14.4.0 - Thesaurus Software Ltd)
BrightPay UK 2015/16 (HKLM\...\{AA48E252-F7D6-45E6-90DC-07E026ADC7E4}) (Version: 15.0.2 - Thesaurus Software Ltd)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FreeCommander XE (HKLM\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeFileSync 6.4 (HKLM\...\FreeFileSync) (Version: 6.4 - Zenju)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP LJ300-400 color MFP M375-M475 (HKLM\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version: 5.0.12200.706 - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 29.0.84.0 - Hewlett-Packard Co.)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM375M475DSService (Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
hppFaxDrvM375M475 (Version: 003.000.00003 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (Version: 005.021.00132 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (Version: 003.000.00003 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (Version: 035.024.006 - HP) Hidden
hpStatusAlerts (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (Version: 020.021.004 - HP) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Keyboard LEDs (HKLM\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN)
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrox PowerDesk-SE (HKLM\...\{BB3E446F-A88E-4D91-9905-9138965561E3}) (Version: 11.12.0810.0001 - Matrox Graphics Inc.)
Matrox XPDM P-Series Driver (HKLM\...\Matrox XPDM P-Series Uninstaller) (Version:  - Matrox Graphics Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Outlook 2003 (HKLM\...\{90E00409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
PCL-W300 Capture (HKLM\...\PCL-W300 Capture) (Version:  - )
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
QODBC Driver (HKLM\...\QODBC Driver) (Version:  - )
Readiris Pro 12 (HKLM\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.6468 - I.R.I.S.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Shadow Copy Client (HKLM\...\{23E5032B-56CA-4C19-A72E-B50161DB82CA}) (Version: 5.2.01 - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ToolboxProxy (Version: 035.024.006 - HP) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
WebIS Desktop Sync 2.0 (HKLM\...\WebIS Desktop Sync) (Version: 2.0 - WebIS, Inc.)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-04-2015 09:11:07 Windows Update
10-04-2015 15:56:35 Installed Macromedia Flash 8
14-04-2015 11:25:25 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1C4D5532-EED8-4A2D-BC83-F3A6E45DC1FE} - System32\Tasks\{7E94F387-C95A-4110-9C2C-5130830D16CE} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {35004F61-88DF-4F94-AE88-A0AD13AAC2D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {3BC6191A-F1AF-4AB0-8EB4-B61C99392888} - System32\Tasks\{99AC0261-4B67-4590-9734-A7EB46C8C0BA} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {4A745049-D51B-4729-B446-F14312536D0D} - System32\Tasks\{730F6E39-1D6D-4E6F-9351-5E3062EBEE1C} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {52AD4C4C-873C-4E69-9A91-1373887EC49B} - System32\Tasks\Rich1 Rich2 backup to Y => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {5CD92BF0-DFFA-41BF-8AB6-742E02354EF0} - System32\Tasks\AppInstall backup => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {6D614799-CD53-4FF5-954E-088AA7903E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {6FB40D7B-F3D3-4B27-AD88-9B17BDFBBAC8} - System32\Tasks\MyDataToRaid => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {836D5169-BDE9-49A7-AFE0-EF465D275B9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {845DD737-4234-440F-A69B-4F7458C47F36} - System32\Tasks\{1A5A0A20-092A-4271-BA94-E11645B05D2B} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {8B403A06-B374-43F7-AA9E-FD674B98D3F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {8C589C3F-3415-4F5E-ADB5-03DD91D2AE28} - System32\Tasks\{1C9543DA-3A21-40A9-B388-7531034641CA} => pcalua.exe -a C:\Users\RixV230.INTDOMAIN\Desktop\MidiEditor_2_5_0_Install.exe -d C:\Users\RixV230.INTDOMAIN\Desktop
Task: {9812AA92-5AD9-4D47-B128-51E4D70C6476} - System32\Tasks\{29EF874B-2A06-45A7-A6D0-C4E9DB1F0361} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {CAD22363-E379-4571-B056-D246F204F6C2} - System32\Tasks\{1976E543-48E3-43A4-B3CA-D023821A7F91} => pcalua.exe -a C:\Users\RixV230.INTDOMAIN\Desktop\Redemption\Install.exe -d C:\Users\RixV230.INTDOMAIN\Desktop\Redemption
Task: {D4059557-D2A5-4C32-AC21-4E4377905018} - System32\Tasks\{AF296040-1A62-491E-AB5E-7995FBA05800} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {D7146FD1-3BED-4205-9ABE-DCFCA2ED450C} - System32\Tasks\{65EC62CE-3BB2-42E4-B4EC-801832853C64} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {F966D755-2747-474C-B804-AF26C3002B08} - System32\Tasks\{D36507CA-2B0C-46DF-97A9-2ED3BFA918E2} => pcalua.exe -a C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=c:\creative suite cs2\adobe creative suite 2.0/lang=0809
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\BrightPay-UK-15.0.2-Install.exe:com.dropbox.attributes
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\OutlookConnector.exe:com.dropbox.attributes
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\siptapi-0.2.17_Debug+Release.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\vw3558d522613168c2250b (1).pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\vw3558d522613168c2250b.pdf:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.3 - 4.4.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3108595551-3681463330-2070613097-500 - Administrator - Disabled)
Guest (S-1-5-21-3108595551-3681463330-2070613097-501 - Limited - Disabled)
RixV230 (S-1-5-21-3108595551-3681463330-2070613097-1000 - Administrator - Enabled) => C:\Users\RixV230
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/17/2015 08:29:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x37c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (04/16/2015 06:35:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 364: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (04/16/2015 06:35:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 324: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (04/16/2015 06:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x46c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
 
Error: (04/16/2015 06:18:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Bad service type in ._webissync_client._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.or...viceTypes.html>
 
Error: (04/16/2015 06:06:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Bad service type in ._webissync_client._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.or...viceTypes.html>
 
Error: (04/16/2015 00:31:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/16/2015 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 00:31:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 00:31:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/17/2015 08:38:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:38:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:38:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:35:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:35:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:35:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:30:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:30:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:30:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/17/2015 08:28:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (04/17/2015 08:29:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa137c01d078e0344ac344C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll86091d3e-e4d3-11e4-9c03-005056c00008
 
Error: (04/16/2015 06:35:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 364: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (04/16/2015 06:35:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 324: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (04/16/2015 06:33:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa146c01d0786b23a56565C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dlla834370b-e45e-11e4-8ebd-005056c00008
 
Error: (04/16/2015 06:18:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Bad service type in ._webissync_client._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.or...viceTypes.html>
 
Error: (04/16/2015 06:06:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Bad service type in ._webissync_client._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.or...viceTypes.html>
 
Error: (04/16/2015 00:31:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\freefilesync\Bin\RealtimeSync_x64.exe
 
Error: (04/16/2015 00:31:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\freefilesync\Bin\FreeFileSync_x64.exe
 
Error: (04/15/2015 00:31:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\freefilesync\Bin\RealtimeSync_x64.exe
 
Error: (04/15/2015 00:31:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\freefilesync\Bin\FreeFileSync_x64.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-11 13:17:13.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 13:03:56.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 12:17:16.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 12:10:58.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 11:53:08.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 11:43:05.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 11:31:24.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-26 13:37:10.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-26 13:30:06.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-26 13:21:47.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 15%
Total physical RAM: 3070.8 MB
Available physical RAM: 2600.52 MB
Total Pagefile: 6139.9 MB
Available Pagefile: 5737.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:100.51 GB) NTFS
Drive e: (WD Passport) (Fixed) (Total:232.88 GB) (Free:69.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FC09C03C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
**************************************************************************************************

Edited by RixUK, 17 April 2015 - 03:54 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Uninstalling Chrome was a good option, as it is now becoming very easy to corrupt and yet show no sign in the log.

Could you let me know what problems you are having after this?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
FF Extension: CoupMania - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\glvcjoywqbe_j_egjlo@yklkx_innegyiwszotx.edu [2015-04-16]
2015-04-10 09:08 - 2015-04-16 17:57 - 00000020 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin
2015-04-09 19:20 - 2015-04-09 19:21 - 00000000 ____D () C:\ProgramData\15142443174115439949
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\DealNoDeal
2015-02-20 18:27 - 2015-04-10 10:52 - 00000000 ____D () C:\ProgramData\{fc804906-d02f-6f6b-fc80-04906d02241b}
Task: {6D614799-CD53-4FF5-954E-088AA7903E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#3
RixUK

    New Member

  • Topic Starter
  • Member
  • 6 posts

EssexBoy

Thank you for taking this on.

The FIXLOG.TXT is below.

I have been running Firefox for about 20 minutes with no sign of the hijack.

I have been called away on business and will only have remote access to the affected PC for five days but will make periodic checks.

Thanks again

 

*************************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2015 01
Ran by RixV230 at 2015-04-19 18:24:28 Run:1
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Loaded Profiles: RixV230 (Available profiles: DrRobin & RixV230 & Administrator & RixV230)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
FF Extension: CoupMania - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\glvcjoywqbe_j_egjlo@yklkx_innegyiwszotx.edu [2015-04-16]
2015-04-10 09:08 - 2015-04-16 17:57 - 00000020 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin
2015-04-09 19:20 - 2015-04-09 19:21 - 00000000 ____D () C:\ProgramData\15142443174115439949
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\DealNoDeal
2015-02-20 18:27 - 2015-04-10 10:52 - 00000000 ____D () C:\ProgramData\{fc804906-d02f-6f6b-fc80-04906d02241b}
Task: {6D614799-CD53-4FF5-954E-088AA7903E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\glvcjoywqbe_j_egjlo@yklkx_innegyiwszotx.edu => Moved successfully.
C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\ProgramData\15142443174115439949 => Moved successfully.
C:\Program Files\DealNoDeal => Moved successfully.
C:\ProgramData\{fc804906-d02f-6f6b-fc80-04906d02241b} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D614799-CD53-4FF5-954E-088AA7903E70}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D614799-CD53-4FF5-954E-088AA7903E70}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"C:\Program Files\Google\Update\GoogleUpdate.exe" => File/Directory not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 144.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:24:54 ====

  • 0
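Added example (not part of the thread, and not FRST's own code): a Python parser for the Fixlog format posted above. It skips the echoed "Content of fixlist" block, whose Task: line also contains " => ", and tallies the outcome recorded for each target so that anything that was not moved or deleted stands out. The sample is an excerpt of the log above; the function names and status labels are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from it, the rest left out).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
CreateRestorePoint:
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\DealNoDeal
Task: {6D614799-CD53-4FF5-954E-088AA7903E70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
RemoveProxy:
EmptyTemp:

*****************

Restore point was successfully created.
C:\Users\RixV230.INTDOMAIN\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\Program Files\DealNoDeal => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"C:\Program Files\Google\Update\GoogleUpdate.exe" => File/Directory not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

========= End of RemoveProxy: =========

EmptyTemp: => Removed 144.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:24:54 ====
'''

# "<target> => <result>" is how the log above reports each action.
OUTCOME_RE = re.compile(r'^(?P<target>.+?) => (?P<result>.+?)\s*$')
STARS_RE = re.compile(r'^\*{5,}$')

# Status labels are this example's own names, matched on the result wording.
STATUS_RULES = [
    ("moved", re.compile(r'^Moved successfully', re.I)),
    ("deleted", re.compile(r'^(Key|value) deleted successfully', re.I)),
    ("not_found", re.compile(r'not found', re.I)),
    ("removed_temp", re.compile(r'^Removed .* temporary data', re.I)),
]


def parse_fixlog(text):
    """Return one dict per outcome line, ignoring the echoed fixlist."""
    outcomes = []
    in_echo = False   # True while inside the "Content of fixlist" echo
    stars_seen = 0    # the echo is delimited by two lines of asterisks
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            in_echo, stars_seen = True, 0
            continue
        if in_echo:
            if STARS_RE.match(line):
                stars_seen += 1
                if stars_seen == 2:
                    in_echo = False
            continue  # never treat echoed directives as results
        match = OUTCOME_RE.match(line)
        if not match:
            continue
        result = match.group("result")
        status = next(
            (name for name, rx in STATUS_RULES if rx.search(result)), "other"
        )
        outcomes.append({
            "target": match.group("target").strip('"'),
            "status": status,
            "result": result,
        })
    return outcomes


def summarise(outcomes):
    """Count outcomes per status label."""
    return dict(Counter(o["status"] for o in outcomes))


def needs_followup(outcomes):
    """Targets whose outcome was neither a move, a delete nor temp cleanup."""
    done = {"moved", "deleted", "removed_temp"}
    return [o["target"] for o in outcomes if o["status"] not in done]


if __name__ == "__main__":
    results = parse_fixlog(SAMPLE_FIXLOG)
    print(summarise(results))
    for target in needs_followup(results):
        print("check again:", target)
```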

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have any outstanding problems?

Time is not a problem.

#5
RixUK

    New Member

  • Topic Starter
  • Member
  • 6 posts

EssexBoy

I have accessed the PC remotely a couple of times over the last two days and tried the browser with no sign of the hijack returning.

No other problems evident.

Thank you very much.

RixUK



#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe :wave:

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#9
RixUK

    New Member

  • Topic Starter
  • Member
  • 6 posts

EssexBoy

Bad news....
After 5 days of occasional use of Firefox via remote access I have returned to local use and found the browser hijack has returned.

I have run FRST.exe again - fixlog.txt and addition.txt are below.

I'm happy to re-post in the forum if you unlock the thread.

I'm grateful for your help and am sorry to bring this back to you.

Rix

 

FIXLOG.txt

****************************************************************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-04-2015 01
Ran by RixV230 (administrator) on V230 on 24-04-2015 09:45:42
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Loaded Profiles: RixV230 (Available profiles: RixV230 & RixV230)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Matrox PowerDesk SE] => C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [4246784 2010-02-11] (Matrox Graphics Inc.)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2011-12-12] (Hewlett-Packard Company)
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Run: [KeyboardLeds.exe] => C:\Program Files\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-06] (KARPOLAN)
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Run: [BitTorrent Sync] => C:\Program Files\BitTorrent Sync\BTSync.exe [1696104 2014-11-21] (BitTorrent, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-04-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebIS Synchronization.lnk [2014-02-13]
ShortcutTarget: WebIS Synchronization.lnk -> C:\Program Files\WebISSync\iPISync.exe ()
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First.ahk [2014-03-14] ()
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First.ahk [2014-03-14] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll [2004-11-01] ()
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{E946A09E-C1D6-4E75-B47A-4B5E46FA4FCD}: [NameServer] 10.0.0.3,4.4.4.4

FireFox:
========
FF ProfilePath: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-30] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Extension: DiscountExt - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\szhmtnokdfeqmcl_b@yaec_swikszqs_yo.edu [2015-04-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-27] (Adobe Systems) [File not signed]
S3 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S2 Matrox.Pdesk.ServicesHost; C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [344832 2010-02-11] (Matrox Graphics Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.)
S2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [358480 2013-10-18] (VMware, Inc.)
S2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721464 2013-10-09] (VMware, Inc.)
S2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437328 2013-10-18] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43192 2013-10-09] (VMware, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-04-17] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 MTXPSER; C:\Windows\System32\DRIVERS\mtxpserm.sys [1489920 2010-06-18] (Matrox Graphics Inc.)
S1 Mtxpserx; C:\Windows\System32\DRIVERS\Mtxpserx.sys [5504 2010-06-18] (Matrox Graphics Inc.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25808 2013-10-18] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2013-10-18] (VMware, Inc.)
S2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2013-10-18] (VMware, Inc.)
S2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-10-18] (VMware, Inc.)
S2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [65488 2013-10-18] (VMware, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 09:45 - 2015-04-24 09:45 - 00011767 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\FRST.txt
2015-04-17 12:16 - 2015-04-17 12:16 - 00001082 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-17 11:23 - 2015-04-19 18:30 - 00000336 _____ () C:\Windows\setupact.log
2015-04-17 11:23 - 2015-04-17 11:23 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-17 08:38 - 2015-04-17 08:38 - 00072877 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Shortcut.txt
2015-04-17 08:26 - 2015-04-24 09:31 - 00920975 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 08:26 - 2015-04-17 11:43 - 00001234 _____ () C:\Windows\PFRO.log
2015-04-16 18:45 - 2015-04-17 08:28 - 00000000 ____D () C:\AdwCleaner
2015-04-16 18:45 - 2015-04-16 18:45 - 02217984 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\adwcleaner_4.201.exe
2015-04-16 18:44 - 2015-04-16 18:44 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-16 18:06 - 2015-04-19 18:24 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\FRST-OlderVersion
2015-04-13 11:37 - 2015-04-13 13:25 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\IDT printing
2015-04-13 11:09 - 2015-04-17 08:38 - 00033294 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\Addition170415.txt
2015-04-13 11:08 - 2015-04-24 09:45 - 00000000 ____D () C:\FRST
2015-04-13 11:08 - 2015-04-17 17:06 - 00035476 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\FRST140415.txt
2015-04-13 11:07 - 2015-04-19 18:24 - 01137664 _____ (Farbar) C:\Users\RixV230.INTDOMAIN\Desktop\FRST.exe
2015-04-13 10:11 - 2015-04-13 10:11 - 163800526 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\reg backup 130415-1.reg
2015-04-13 10:06 - 2015-04-13 10:06 - 00001444 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware130415-2.txt
2015-04-13 08:58 - 2015-04-13 08:58 - 00001464 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware130415.txt
2015-04-10 16:36 - 2015-04-10 16:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-10 15:56 - 2015-04-10 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\ProgramData\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\Program Files\Macromedia
2015-04-10 15:56 - 2015-04-10 15:57 - 00000000 ____D () C:\Program Files\Common Files\Macromedia
2015-04-10 15:56 - 2015-04-10 15:56 - 00000000 ____D () C:\Windows\system32\QuickTime
2015-04-10 15:22 - 2015-04-17 11:32 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2015-04-10 14:59 - 2015-04-10 14:59 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Desktop\Old Firefox Data
2015-04-10 09:50 - 2015-04-10 09:50 - 00006421 _____ () C:\Users\RixV230.INTDOMAIN\Desktop\malware100415.txt
2015-04-10 09:30 - 2015-04-10 09:30 - 00000000 ____D () C:\ProgramData\{58ed8f25-e816-ee93-58ed-d8f25e813c97}
2015-04-09 19:20 - 2015-04-10 09:51 - 00000000 ____D () C:\Program Files\Facebook Platinum
2015-04-08 10:52 - 2015-04-08 10:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\HockeyApp
2015-04-08 10:52 - 2015-04-08 10:52 - 00000000 ____D () C:\ProgramData\Thesaurus Software Ltd
2015-04-08 10:51 - 2015-04-08 10:51 - 10789096 _____ (Microsoft Corporation) C:\Users\RixV230.INTDOMAIN\Desktop\BrightPay-UK-15.0.2-Install.exe
2015-04-08 08:50 - 2015-04-08 08:50 - 06196576 _____ (Tim Kosse) C:\Users\RixV230.INTDOMAIN\Downloads\FileZilla_3.10.3_win32-setup.exe
2015-04-07 08:34 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-07 08:34 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-07 08:34 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-07 08:34 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-07 08:34 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-07 08:34 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-07 08:34 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-07 08:34 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-07 08:34 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-07 08:34 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-07 08:34 - 2015-02-21 06:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-07 08:34 - 2015-02-21 06:31 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-07 08:34 - 2015-02-21 06:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-07 08:34 - 2015-02-21 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-07 08:34 - 2015-02-21 06:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-07 08:34 - 2015-02-21 06:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-07 08:34 - 2015-02-21 06:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-07 08:34 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-07 08:34 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-07 08:34 - 2015-02-21 05:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-04-07 08:34 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-07 08:34 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-07 08:34 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-07 08:34 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-07 08:34 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-07 08:34 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-07 08:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-07 08:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-07 08:34 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-07 08:34 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-07 08:34 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-07 08:34 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-07 08:34 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-07 08:34 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-07 08:34 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-07 08:34 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-07 08:34 - 2015-01-31 04:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-07 08:34 - 2015-01-31 04:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-04-07 08:34 - 2015-01-31 01:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-07 08:34 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-07 08:34 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-07 08:34 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-07 08:34 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-07 08:34 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-07 08:33 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-07 08:33 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-07 08:33 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-07 08:33 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 09:45 - 2014-02-10 12:52 - 00789934 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 09:31 - 2014-02-13 16:23 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\KeePass
2015-04-24 09:31 - 2014-02-13 15:52 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\BitTorrent Sync
2015-04-24 09:17 - 2014-02-10 18:38 - 00000000 ___RD () C:\Users\RixV230.INTDOMAIN\Virtual Machines
2015-04-24 08:22 - 2014-02-10 14:08 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-23 17:15 - 2014-02-13 18:18 - 00000000 ____D () C:\Rich1_2
2015-04-23 17:15 - 2014-02-13 18:17 - 00000000 ____D () C:\Rich1
2015-04-23 17:15 - 2014-02-13 15:54 - 00000000 ____D () C:\Rich2_2
2015-04-23 17:15 - 2014-02-13 15:54 - 00000000 ____D () C:\Rich2
2015-04-23 17:15 - 2014-02-11 10:38 - 00000000 ____D () C:\shortcuts
2015-04-22 21:28 - 2009-07-14 05:34 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 21:28 - 2009-07-14 05:34 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 16:54 - 2014-02-14 18:26 - 00000000 ____D () C:\App Install files
2015-04-19 18:50 - 2014-02-13 13:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Adobe
2015-04-19 18:31 - 2014-02-11 10:31 - 00000000 ___RD () C:\Users\RixV230.INTDOMAIN\Dropbox
2015-04-19 18:31 - 2014-02-11 10:29 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox
2015-04-19 18:30 - 2014-03-18 09:31 - 00000000 ____D () C:\ProgramData\VMware
2015-04-19 18:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-17 17:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 12:16 - 2014-04-17 09:36 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-17 08:29 - 2015-01-05 11:43 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\CrashDumps
2015-04-16 18:44 - 2014-02-17 10:31 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Google
2015-04-16 18:44 - 2014-02-17 10:31 - 00000000 ____D () C:\Program Files\Google
2015-04-16 17:58 - 2014-03-18 09:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\VMware
2015-04-16 17:08 - 2014-02-11 10:54 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\vlc
2015-04-16 14:37 - 2014-02-14 13:44 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\Documents\BrightPay
2015-04-16 14:04 - 2014-12-08 18:16 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\FileZilla
2015-04-16 09:31 - 2014-03-18 09:32 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\VMware
2015-04-13 10:08 - 2014-02-17 10:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-13 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\SchCache
2015-04-13 09:40 - 2014-02-10 16:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-10 16:01 - 2014-02-13 14:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Macromedia
2015-04-10 16:01 - 2014-02-13 14:28 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Macromedia
2015-04-10 15:55 - 2014-02-10 13:25 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-04-10 15:22 - 2015-01-20 14:41 - 00000000 ____D () C:\Program Files\CDex
2015-04-10 14:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\addins
2015-04-10 11:16 - 2015-02-18 10:39 - 00000000 ____D () C:\Windows\Minidump
2015-04-10 11:16 - 2014-09-03 08:27 - 00000000 ____D () C:\Program Files\PDFCreator
2015-04-10 11:16 - 2014-02-10 20:45 - 00000000 ____D () C:\Windows\Panther
2015-04-10 09:41 - 2014-04-17 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-10 09:41 - 2014-04-17 09:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-10 09:19 - 2014-02-11 10:30 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Thesaurus_Software_Ltd
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay
2015-04-08 10:52 - 2014-02-14 13:26 - 00000000 ____D () C:\Program Files\Thesaurus Software
2015-04-07 14:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-04-07 08:59 - 2009-07-14 05:33 - 00376936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-07 08:58 - 2014-04-16 16:58 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-07 08:37 - 2014-04-16 16:58 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-31 13:51 - 2014-02-13 16:16 - 00000000 ____D () C:\kp
2015-03-30 12:41 - 2014-07-18 08:24 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Local\Adobe
2015-03-30 12:40 - 2014-02-13 13:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-30 12:40 - 2014-02-13 13:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-27 18:38 - 2014-06-02 15:10 - 00000000 ____D () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2014-07-29 12:53 - 2014-09-29 09:29 - 0038320 _____ () C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft Excel.ADR
2014-02-14 13:32 - 2014-02-14 13:44 - 0000277 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\applnch.exe
C:\Users\RixV230.INTDOMAIN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpti3wqs.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 00:59

==================== End Of Log ============================

ADDITION.txt

*************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-04-2015 01
Ran by RixV230 at 2015-04-24 09:45:57
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
AutoHotkey 1.1.14.03 (HKLM\...\AutoHotkey) (Version: 1.1.14.03 - Lexikos)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.91 - )
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
BrightPay UK 2012/13 (HKLM\...\{48F8BB0C-ACB5-4645-A37A-334D79685791}) (Version: 12.4.1 - Thesaurus Software Ltd)
BrightPay UK 2013/14 (HKLM\...\{F522142C-7054-4DF3-8D37-1122249B1CDA}) (Version: 13.5.0 - Thesaurus Software Ltd)
BrightPay UK 2014/15 (HKLM\...\{A8D10431-8BF3-4A86-926E-8311F68F176B}) (Version: 14.4.0 - Thesaurus Software Ltd)
BrightPay UK 2015/16 (HKLM\...\{AA48E252-F7D6-45E6-90DC-07E026ADC7E4}) (Version: 15.0.2 - Thesaurus Software Ltd)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FreeCommander XE (HKLM\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
FreeFileSync 6.4 (HKLM\...\FreeFileSync) (Version: 6.4 - Zenju)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP LJ300-400 color MFP M375-M475 (HKLM\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version: 5.0.12200.706 - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 29.0.84.0 - Hewlett-Packard Co.)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM375M475DSService (Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
hppFaxDrvM375M475 (Version: 003.000.00003 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (Version: 005.021.00132 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (Version: 003.000.00003 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (Version: 035.024.006 - HP) Hidden
hpStatusAlerts (Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (Version: 020.021.004 - HP) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeePass Password Safe 2.25 (HKLM\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Keyboard LEDs (HKLM\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN)
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrox PowerDesk-SE (HKLM\...\{BB3E446F-A88E-4D91-9905-9138965561E3}) (Version: 11.12.0810.0001 - Matrox Graphics Inc.)
Matrox XPDM P-Series Driver (HKLM\...\Matrox XPDM P-Series Uninstaller) (Version:  - Matrox Graphics Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Outlook 2003 (HKLM\...\{90E00409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
PCL-W300 Capture (HKLM\...\PCL-W300 Capture) (Version:  - )
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
QODBC Driver (HKLM\...\QODBC Driver) (Version:  - )
Readiris Pro 12 (HKLM\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.6468 - I.R.I.S.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Shadow Copy Client (HKLM\...\{23E5032B-56CA-4C19-A72E-B50161DB82CA}) (Version: 5.2.01 - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ToolboxProxy (Version: 035.024.006 - HP) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
WebIS Desktop Sync 2.0 (HKLM\...\WebIS Desktop Sync) (Version: 2.0 - WebIS, Inc.)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1165442911-1284550553-3488898751-1157_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

10-04-2015 15:56:35 Installed Macromedia Flash 8
14-04-2015 11:25:25 Windows Update
17-04-2015 17:31:03 Windows Update
19-04-2015 18:24:29 Restore Point Created by FRST
20-04-2015 22:20:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C4D5532-EED8-4A2D-BC83-F3A6E45DC1FE} - System32\Tasks\{7E94F387-C95A-4110-9C2C-5130830D16CE} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {35004F61-88DF-4F94-AE88-A0AD13AAC2D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {3BC6191A-F1AF-4AB0-8EB4-B61C99392888} - System32\Tasks\{99AC0261-4B67-4590-9734-A7EB46C8C0BA} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {4A745049-D51B-4729-B446-F14312536D0D} - System32\Tasks\{730F6E39-1D6D-4E6F-9351-5E3062EBEE1C} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {52AD4C4C-873C-4E69-9A91-1373887EC49B} - System32\Tasks\Rich1 Rich2 backup to Y => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {5CD92BF0-DFFA-41BF-8AB6-742E02354EF0} - System32\Tasks\AppInstall backup => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {6FB40D7B-F3D3-4B27-AD88-9B17BDFBBAC8} - System32\Tasks\MyDataToRaid => C:\Program Files\FreeFileSync\FreeFileSync.exe [2014-04-01] (freefilesync.sourceforge.net)
Task: {836D5169-BDE9-49A7-AFE0-EF465D275B9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {845DD737-4234-440F-A69B-4F7458C47F36} - System32\Tasks\{1A5A0A20-092A-4271-BA94-E11645B05D2B} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {8B403A06-B374-43F7-AA9E-FD674B98D3F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {8C589C3F-3415-4F5E-ADB5-03DD91D2AE28} - System32\Tasks\{1C9543DA-3A21-40A9-B388-7531034641CA} => pcalua.exe -a C:\Users\RixV230.INTDOMAIN\Desktop\MidiEditor_2_5_0_Install.exe -d C:\Users\RixV230.INTDOMAIN\Desktop
Task: {9812AA92-5AD9-4D47-B128-51E4D70C6476} - System32\Tasks\{29EF874B-2A06-45A7-A6D0-C4E9DB1F0361} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {CAD22363-E379-4571-B056-D246F204F6C2} - System32\Tasks\{1976E543-48E3-43A4-B3CA-D023821A7F91} => pcalua.exe -a C:\Users\RixV230.INTDOMAIN\Desktop\Redemption\Install.exe -d C:\Users\RixV230.INTDOMAIN\Desktop\Redemption
Task: {D4059557-D2A5-4C32-AC21-4E4377905018} - System32\Tasks\{AF296040-1A62-491E-AB5E-7995FBA05800} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {D7146FD1-3BED-4205-9ABE-DCFCA2ED450C} - System32\Tasks\{65EC62CE-3BB2-42E4-B4EC-801832853C64} => C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe [2005-01-07] (Intuit, Inc.)
Task: {F966D755-2747-474C-B804-AF26C3002B08} - System32\Tasks\{D36507CA-2B0C-46DF-97A9-2ED3BFA918E2} => pcalua.exe -a C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe -c /relaunched/rootloc=c:\creative suite cs2\adobe creative suite 2.0/lang=0809

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 00329808 _____ () C:\Program Files\VMware\VMware Player\libcurl.dll
2013-10-18 13:45 - 2013-10-18 13:45 - 00319056 _____ () C:\Program Files\VMware\VMware Player\libldap_r.dll
2013-10-18 13:45 - 2013-10-18 13:45 - 00146000 _____ () C:\Program Files\VMware\VMware Player\liblber.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\BrightPay-UK-15.0.2-Install.exe:com.dropbox.attributes
AlternateDataStreams: C:\Users\RixV230.INTDOMAIN\Desktop\OutlookConnector.exe:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

==================== Accounts: =============================

Administrator (S-1-5-21-3108595551-3681463330-2070613097-500 - Administrator - Disabled)
Guest (S-1-5-21-3108595551-3681463330-2070613097-501 - Limited - Disabled)
RixV230 (S-1-5-21-3108595551-3681463330-2070613097-1000 - Administrator - Enabled) => C:\Users\RixV230

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 09:31:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 444: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (04/24/2015 09:31:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 464: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (04/24/2015 00:31:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/24/2015 00:31:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/23/2015 00:31:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/23/2015 00:31:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 00:31:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 00:31:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2015 10:41:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2015 10:41:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/24/2015 09:34:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:34:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (04/24/2015 09:34:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/24/2015 09:32:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List S



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think it may be time to get a better AV than MS Essentials.

The bad boy is a Firefox extension that was installed/updated on the 24th.


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: DiscountExt - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\szhmtnokdfeqmcl_b@yaec_swikszqs_yo.edu [2015-04-24]
2015-04-10 09:30 - 2015-04-10 09:30 - 00000000 ____D () C:\ProgramData\{58ed8f25-e816-ee93-58ed-d8f25e813c97}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

Once you have run the fix, could you run FRST again please and this time tick the shortcut txt box as well. If the log for that is too large you can attach it.

#11
RixUK

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

1) What AV are experts recommending these days? :)

 

2) No changes made (by humans) to FF extensions today.

 

3) FIXLOG.txt below

******************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2015 02
Ran by rixv230 at 2015-04-24 14:46:50 Run:2
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Loaded Profiles: rixv230 (Available profiles: DrRobin & rixv230 & Administrator & RixV230)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: DiscountExt - C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\szhmtnokdfeqmcl_b@yaec_swikszqs_yo.edu [2015-04-24]
2015-04-10 09:30 - 2015-04-10 09:30 - 00000000 ____D () C:\ProgramData\{58ed8f25-e816-ee93-58ed-d8f25e813c97}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Mozilla\Firefox\Profiles\zqoay5qe.default-1428674349561\Extensions\szhmtnokdfeqmcl_b@yaec_swikszqs_yo.edu => Moved successfully.
C:\ProgramData\{58ed8f25-e816-ee93-58ed-d8f25e813c97} => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1165442911-1284550553-3488898751-1157\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 115 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:47:21 ====

 

4) SHORTCUT.txt below

************************************************************************************

Users shortcut scan result (x86) Version: 23-04-2015 02
Ran by rixv230 at 2015-04-24 14:52:46
Running from C:\Users\RixV230.INTDOMAIN\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent Sync.lnk -> C:\Program Files\BitTorrent Sync\BTSync.exe (BitTorrent, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk -> C:\Program Files\Adobe\Adobe Bridge\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk -> C:\Program Files\Adobe\Adobe Help Center\ahc.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk -> C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk -> C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS2.lnk -> C:\Program Files\Adobe\Adobe InDesign CS2\InDesign.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk -> C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk -> C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -> C:\Program Files\FreeFileSync\FreeFileSync.exe (freefilesync.sourceforge.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk -> C:\Program Files\FreeFileSync\RealtimeSync.exe (freefilesync.sourceforge.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk -> C:\Program Files\SumatraPDF\SumatraPDF.exe (Krzysztof Kowalczyk)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Machines.lnk -> C:\Windows\System32\VMWindow.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebIS Synchronization\Documentation.lnk -> C:\Program Files\WebISSync\DesktopSync-Windows.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebIS Synchronization\Uninstall WebIS Synchronization.lnk -> C:\Program Files\WebISSync\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebIS Synchronization\WebIS Synchronization.lnk -> C:\Program Files\WebISSync\iPISync.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Viewer.lnk -> C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (UltraVNC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks\QuickBooks Pro Edition 2005.lnk -> C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe (Intuit, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\Configure QODBC Data Source.lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\Microsoft Query.lnk -> C:\Program Files\Microsoft Office\Office\MSQRY32.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\QODBC Quick Start Guide.lnk -> C:\Program Files\QODBC Driver for QuickBooks\QODBC Quick Start Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\QODBC Setup Screen.lnk -> C:\Program Files\QODBC Driver for QuickBooks\EditQDSN.exe (FLEXquarters.com Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\QRemote Server for QODBC.lnk -> C:\Program Files\QODBC Driver for QuickBooks\QRemote\Server\QRemoteServer.exe (FLEXquarters.com Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\QuickBooks Table Schema.lnk -> C:\Program Files\QODBC Driver for QuickBooks\QuickBooks Table Schema.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\README File.lnk -> C:\Program Files\QODBC Driver for QuickBooks\readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\VB Demo.lnk -> C:\Program Files\QODBC Driver for QuickBooks\VBDEMO32.EXE (FLEXquarters)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray\PopTray Help.lnk -> C:\Program Files\PopTray\Poptray.chm (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray\PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray\Read Me.lnk -> C:\Program Files\PopTray\ReadMe.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray\Uninstall.lnk -> C:\Program Files\PopTray\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray\Version History.lnk -> C:\Program Files\PopTray\History.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Donate PDFCreator.lnk -> C:\Program Files\PDFCreator\Donate PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\History.lnk -> C:\Program Files\PDFCreator\History.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Help.lnk -> C:\Program Files\PDFCreator\PDFCreator_english.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator on the Web.lnk -> C:\Program Files\PDFCreator\PDFCreator.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe (pdfforge  GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files\PDFCreator\languages\TransTool.exe (pdfforge  http://www.pdfforge.org/)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files\PDFCreator\AFPL License.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files\PDFCreator\FairPlay License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files\PDFCreator\GNU License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect\PDF Architect.lnk -> C:\Program Files\PDF Architect\PDF Architect.exe (pdfforge GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk -> C:\Program Files\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk -> C:\Program Files\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk -> C:\Program Files\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk -> C:\Program Files\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk -> C:\Program Files\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk -> C:\Program Files\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matrox Graphics Inc\PowerDesk-SE.lnk -> C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Extension Manager.lnk -> C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash 8 Video Encoder.lnk -> C:\Windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash 8.lnk -> C:\Program Files\Macromedia\Flash 8\Flash.exe (Macromedia, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Macromedia Flash Player 8.lnk -> C:\Program Files\Macromedia\Flash 8\Players ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Readme Files\Macromedia Extension Manager Readme.lnk -> C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\READMEICON.htm (InstallShield Software Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia\Readme Files\Macromedia Flash 8 Readme.lnk -> C:\Program Files\Macromedia\Flash 8\Readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard LEDs\Keyboard LEDs.lnk -> C:\Program Files\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard LEDs\License.lnk -> C:\Program Files\Keyboard LEDs\License.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard LEDs\ReadMe.lnk -> C:\Program Files\Keyboard LEDs\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyboard LEDs\Uninstall.lnk -> C:\Program Files\Keyboard LEDs\uninstall.exe (KARPOLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\About IrfanView.lnk -> C:\Program Files\IrfanView\i_about.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available Languages.lnk -> C:\Program Files\IrfanView\i_languages.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available PlugIns.lnk -> C:\Program Files\IrfanView\i_plugins.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Command line Options.lnk -> C:\Program Files\IrfanView\i_options.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 4.37.lnk -> C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Help.lnk -> C:\Program Files\IrfanView\i_view32.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Uninstall IrfanView.lnk -> C:\Program Files\IrfanView\iv_uninstall.exe (Irfan Skiljan, IrfanView)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\What's New.lnk -> C:\Program Files\IrfanView\i_changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. \Readiris Pro 12\I.R.I.S. on the Internet.lnk -> C:\Program Files\Readiris Pro 12\Homepage.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. \Readiris Pro 12\Reading Asian documents.lnk -> C:\Program Files\Readiris Pro 12\Manual\asian.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. \Readiris Pro 12\Readiris Pro 12.lnk -> C:\Program Files\Readiris Pro 12\readiris.exe (I.R.I.S. (Image Recognition Integrated Systems))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. \Readiris Pro 12\Readiris Registration.lnk -> C:\Program Files\Readiris Pro 12\regipe.exe (I.R.I.S. Image Recognition Integarted Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. \Readiris Pro 12\User Guide.lnk -> C:\Program Files\Readiris Pro 12\Manual\readiris.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\HP Help & Learn Center.lnk -> C:\Program Files\HP\HP LJ300-400 color M375-M475\Help_Learn\Help.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\HP Printer Status and Alerts.lnk -> C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\HP Scan.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\HP Send Fax.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\hppeFax_m375_m475.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\FreeCommander on the Web.lnk -> C:\Program Files\FreeCommander XE\FreeCommander.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\FreeCommander XE.lnk -> C:\Program Files\FreeCommander XE\FreeCommander.exe (Marek Jasinski)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\Uninstall FreeCommander XE.lnk -> C:\Program Files\FreeCommander XE\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe (Tim Kosse)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay\BrightPay UK 2012-13.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2012-13\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay\BrightPay UK 2013-14.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2013-14\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay\BrightPay UK 2014-15.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2014-15\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrightPay\BrightPay UK 2015-16.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2015-16\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services\About Bonjour Print Services.lnk -> C:\Program Files\Bonjour Print Services\PrinterWizard.Resources\en.lproj\About Bonjour Print Services.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services\Bonjour Printer Wizard.lnk -> C:\Windows\Installer\{9D210D79-AEC5-453B-960C-4DD2C73931E1}\PrinterSetupWizard.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey Help File.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey Setup.lnk -> C:\Program Files\AutoHotkey\Installer.ahk ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoHotkey.lnk -> C:\Program Files\AutoHotkey\AutoHotkey.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\AutoIt3 Window Spy.lnk -> C:\Program Files\AutoHotkey\AU3_Spy.exe (DaloozaSoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Convert .ahk to .exe.lnk -> C:\Program Files\AutoHotkey\Compiler\Ahk2Exe.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey\Website.lnk -> C:\Program Files\AutoHotkey\AutoHotkey Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\ExtendScript Toolkit.lnk -> C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit\ExtendScript Toolkit.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\DrRobin\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\Users\DrRobin\Desktop\QODBC Quick Start Guide.lnk -> C:\Program Files\QODBC Driver for QuickBooks\QODBC Quick Start Guide.pdf ()
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DrRobin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\RixV230\Links\Desktop.lnk -> C:\Users\RixV230.INTDOMAIN\Desktop ()
Shortcut: C:\Users\RixV230\Links\Downloads.lnk -> C:\Users\RixV230.INTDOMAIN\Downloads ()
Shortcut: C:\Users\RixV230\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\Users\RixV230\Desktop\QODBC Quick Start Guide.lnk -> C:\Program Files\QODBC Driver for QuickBooks\QODBC Quick Start Guide.pdf ()
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\Links\Desktop.lnk -> C:\Users\RixV230.INTDOMAIN\Desktop ()
Shortcut: C:\Users\RixV230.INTDOMAIN\Links\Downloads.lnk -> C:\Users\RixV230.INTDOMAIN\Downloads ()
Shortcut: C:\Users\RixV230.INTDOMAIN\Links\Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\Dropbox ()
Shortcut: C:\Users\RixV230.INTDOMAIN\Dropbox\Docs I create.lnk -> C:\Users\RixV230.INTDOMAIN\Documents\My Dropbox\Docs I create (No File)
Shortcut: C:\Users\RixV230.INTDOMAIN\Dropbox\Web downloads\WebIS Synchronization Documentation.lnk -> C:\Program Files\WebISSync\DesktopSync-Windows.pdf ()
Shortcut: C:\Users\RixV230.INTDOMAIN\Dropbox\Web downloads\backups\backup-20150410-152628-113-Chemist Font Installer.lnk -> C:\ProgramData\{fc804906-d02f-6f6b-fc80-04906d02241b}\Chemist Font Installer.exe (No File)
Shortcut: C:\Users\RixV230.INTDOMAIN\Desktop\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\Desktop\IDT Price List 140214.pdf - Shortcut.lnk -> Z:\IDT_Jobs\JOBS\IDT Price List 140214.pdf (No File)
Shortcut: C:\Users\RixV230.INTDOMAIN\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\Dropbox ()
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Virtual PC\Virtual Machines\WinXP virtual machine.lnk -> C:\PC Virtual Machines\WinXP virtual machine.vmc ()
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent Sync.lnk -> C:\Program Files\BitTorrent Sync\BTSync.exe (BitTorrent, Inc.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FreeCommander XE.lnk -> C:\Program Files\FreeCommander XE\FreeCommander.exe (Marek Jasinski)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Virtual Machines.lnk -> C:\Windows\System32\VMWindow.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BrightPay UK 2014-15.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2014-15\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BrightPay UK 2015-16.lnk -> C:\Program Files\Thesaurus Software\BrightPay UK 2015-16\BrightPay.exe (Thesaurus Software Ltd)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\FreeCommander XE.lnk -> C:\Program Files\FreeCommander XE\FreeCommander.exe (Marek Jasinski)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Earth.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IrfanView 4.37.lnk -> C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\KeePass 2.lnk -> C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Virtual Machines.lnk -> C:\Windows\System32\VMWindow.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VMware Player.lnk -> C:\Program Files\VMware\VMware Player\vmplayer.exe (VMware, Inc.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Autodesk\DWG TrueView 2015 - English\R13\enu\Plotters\Add-A-Plotter Wizard.lnk -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\addplwiz.exe (Autodesk, Inc.)
Shortcut: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Autodesk\DWG TrueView 2015 - English\R13\enu\Plotters\Plot Styles\Add-A-Plot Style Table Wizard.lnk -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\styshwiz.exe (Autodesk, Inc.)




ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -n
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -f
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchDefaultVM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Viewer\Run UltraVNC Viewer (Listen Mode Encrypt)).lnk -> C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (UltraVNC) -> -dsmplugin SecureVNCPlugin.dsm -listen 5500
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC\UltraVNC Viewer\Run UltraVNC Viewer (Listen Mode).lnk -> C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe (UltraVNC) -> -listen
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebIS Synchronization.lnk -> C:\Program Files\WebISSync\iPISync.exe () -> /delay 15
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks\Create Timer Install Disks.lnk -> C:\Program Files\Intuit\QuickBooks Pro\askforcd.exe () -> "D:\tfc\create.exe","QuickBooks Pro Edition 2005"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks\Install QuickBooks Pro Timer.lnk -> C:\Program Files\Intuit\QuickBooks Pro\askforcd.exe () -> "D:\timer\setup.exe","QuickBooks Pro Edition 2005"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\Purchase QODBC Now.lnk -> C:\Program Files\QODBC Driver for QuickBooks\press4qodbc.exe () -> www.qodbc.com/docs/mgi/buy.mgi
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QODBC Driver for use with QuickBooks\Uninstall QODBC.lnk -> C:\Program Files\QODBC Driver for QuickBooks\UNWISE32.EXE () -> INSTALL.LOG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect\Uninstall or Modify PDF Architect.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /i {064A929A-4DE8-40CF-A901-BD40C14E4D25}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Microsoft Office Shortcut Bar.lnk -> C:\Windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe () -> -o
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\Fax Setup Wizard.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\FaxApplications.exe (Hewlett-Packard Co.) -> /printdriver "HP LJ300-400 color MFP M375-M475 PCL 6" /app FaxSetupWizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\HP Device Toolbox.lnk -> C:\Program Files\HP\Common\HPEWSProxy\ToolboxProxyUI.exe (HP) -> /prod "HP LJ300-400 color MFP M375-M475 PCL 6"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\Scan to E-mail Wizard.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\DigitalWizards.exe (Hewlett-Packard Co.) -> /printdriver "HP LJ300-400 color MFP M375-M475 PCL 6" /app ScanToEmailWizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\Scan to Network Folder Wizard.lnk -> C:\Program Files\HP\HP LJ300-400 color MFP M375-M475\Bin\DigitalWizards.exe (Hewlett-Packard Co.) -> /printdriver "HP LJ300-400 color MFP M375-M475 PCL 6" /app ScanToFolderWizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {28E82311-8616-11E1-BEB0-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\DWG TrueView 2015 - English\DWG TrueView 2015 - English.lnk -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.) -> /language "en-US"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\DrRobin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\RixV230\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\RixV230\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\Dropbox\Docs I create\Docs I create (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Users\RixV230.INTDOMAIN\Dropbox\Docs I create"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\Microsoft Excel (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

e956e1b6" "Microsoft Excel"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\Mozilla Firefox (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

bc1c4f92" "Mozilla Firefox"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\New Office Document (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

67c27e28" "New Office Document"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\Open Office Document (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

67c27e28#1" "Open Office Document"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\SumatraPDF (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

74bf1322" "SumatraPDF"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\QuickBooks\Create Timer Install Disks (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

459da71f" "Create Timer Install Disks"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\QuickBooks\Install QuickBooks Pro Timer (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

3640aa2a" "Install QuickBooks Pro Timer"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\QuickBooks\QuickBooks Pro Edition 2005 (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

5d6d0d39" "QuickBooks Pro Edition 2005"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\Donate PDFCreator (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

602186d5" "Donate PDFCreator"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\History (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

23c109c6" "History"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\PDFCreator (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

3b9e3f36" "PDFCreator"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\PDFCreator Help (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

76b110e" "PDFCreator Help"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\PDFCreator on the Web (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

3bae393d" "PDFCreator on the Web"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\Translation Tool (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

43202ad4" "Translation Tool"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\Licenses\AFPL License (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

2052f0e7" "AFPL License"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\Licenses\FairPlay License (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

75da6b86" "FairPlay License"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\PDFCreator\Licenses\GPL License (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

350b58f7" "GPL License"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\AutoHotkey (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

bf021f35" "AutoHotkey"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\AutoHotkey Help File (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

bf000f3d" "AutoHotkey Help File"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\AutoHotkey Setup (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

7be9043f" "AutoHotkey Setup"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\AutoIt3 Window Spy (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

4fb1b0b9" "AutoIt3 Window Spy"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\Convert .ahk to .exe (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

213ad3da" "Convert .ahk to .exe"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode Applications\AutoHotkey\Website (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "

52d2f304" "Website"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\Reconfigure your HP Device.lnk -> C:\Program Files\HP\csiInstaller\9D1DE902-8058-4555-A16A-FBFAA49587DB\Setup.exe (Hewlett-Packard) -> /ReconfigWireless
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP LJ300-400 color MFP M375-M475\Uninstall Product Software.lnk -> C:\Program Files\HP\csiInstaller\9D1DE902-8058-4555-A16A-FBFAA49587DB\Setup.exe (Hewlett-Packard) -> /Uninstall
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Docs I create (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Users\RixV230.INTDOMAIN\Dropbox\Docs I create"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Web downloads.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "C:\Users\RixV230.INTDOMAIN\Dropbox\Web downloads"
ShortcutWithArgument: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s


InternetURL: C:\Users\RixV230\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\RixV230\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\RixV230\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\RixV230\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\RixV230\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\RixV230\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\RixV230\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\RixV230\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\RixV230\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\RixV230\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\RixV230\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\RixV230\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\RixV230\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\RixV230\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\RixV230\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links for United Kingdom\Business Link - the site for business.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129728
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links for United Kingdom\Directgov - the nation's official website.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129698
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links for United Kingdom\NHS Choices - for health and social care.url -> hxxp://go.microsoft.com/fwlink/?LinkId=143271
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links\Suggested Sites (2).url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links\Suggested Sites (3).url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\RixV230.INTDOMAIN\Favorites\Links\Suggested Sites.url -> 0
InternetURL: C:\Users\RixV230.INTDOMAIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

==================== End of log =============================
 



#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My personal favourite AV is Avast, although there are also AVG and Avira available.
For Avast I have a small tutorial on how to set it up for best effect along with supplementary protection. The best thing about Avast as far as I am concerned is that it scans all web pages prior to them touching your system, so hidden downloaders, poisoned ads and malicious scripts are blocked, needing no action on your part.


Are the redirects still present or is it back to normal now?

#13
RixUK

    New Member

  • Topic Starter
  • Member
  • 6 posts

The redirects have stopped; however, they were dormant for five days on two previous occasions.

I would therefore like to monitor it for five days just in case.

If you close the topic in the meantime, could I PM you if they return?



#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What I will do is give you the destructions for setting up Avast. Once it installs it will run a scan; be prepared for it to detect items in the various quarantine folders.

How to set up a reasonable and light security regime for your system. All elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them :
Dropbox
Chrome
Chrome toolbar
Skype


Select Next
Deselect the following from the middle column as you will not need them :
SecureLine
Grimefighter


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine.

Avast will need to be registered, as this helps them determine the server load; updates are downloaded in small bursts every few minutes, and each is about 2Kb.

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection
Fill in your e-mail address
Click register with e-mail address and you are done
Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"


PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows set up on a separate USB external drive
I recommend Macrium Reflect for this
I have a small tutorial here on how to use it http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive)

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





