
popups coming all the time


  • This topic is locked

#1
RUSTY2

  • Member
  • 164 posts

Thank you guys for your help. Well, looks like I did it again: tried to download a file to fix my wife's computer and got hammered. Now popup computer goes to a site even if I am not on the net. Crazy! Ran Malwarebytes, still have a big problem.




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
RUSTY2

  • Topic Starter
  • Member
  • 164 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by BR (administrator) on BRIAN-PC on 08-05-2015 19:01:18
Running from C:\Users\BR\Downloads
Loaded Profiles: BR (Available profiles: BRIAN & bcom & BR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Windows\mrzv.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\rzv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Alibaba (China) Co., Ltd.) C:\Program Files (x86)\TradeManager\AliIM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Games Bot\GamesBot.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\BR\AppData\Local\Games Bot\Explore\Explore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31346784 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [aliim] => C:\Program Files (x86)\TradeManager\AliIM.exe [293880 2014-12-29] (Alibaba (China) Co., Ltd.)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [HP Officejet Pro 8620 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [311912 2015-04-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-01-04]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-07]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1}\hqghumeaylnlf.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-09] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....google.com&OSP=
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
SearchScopes: HKLM -> {07C7C110-7846-4522-8DA7-7316F05F3171} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-998330651-303224156-1059126384-1004 -> {5C92EB9F-4A20-4856-8F45-C04A70AC3398} URL = https://www.google.c...q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.16 64.59.150.132

FireFox:
========
FF ProfilePath: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644
FF Homepage: https://www.google.c...annel=iphone_bm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-03] ()
FF Plugin-x32: @alibaba.com/nptrademanager;version=1.0 -> C:\Program Files (x86)\TradeManager\nptrademanager.dll [2014-12-29] ( )
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\TradeManager\npwangwang.dll [2014-12-29] ( )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [2014-12-28] (Alibaba software (Shanghai) Corporation.)
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" No File
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" No File
FF user.js: detected! => C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\user.js [2015-05-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll [2014-12-29] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2014-12-29] ( )
FF SearchPlugin: C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\searchplugins\startpointkms.xml [2015-05-02]
FF Extension: New Tab Tools - C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\Extensions\[email protected] [2015-04-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 BackupService; C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-04-22] (Games Bot Inc.)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 mrzv; c:\windows\mrzv.exe [408576 2015-05-07] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rzv; c:\windows\rzv.exe [417792 2015-05-07] () [File not signed]
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-06-07] (SolidWorks) [File not signed]
S4 SQLANYs_SmpParts; C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe [136568 2010-12-08] (iAnywhere Solutions, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinFixRealTimeProtector; C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) [File not signed]
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider) [File not signed]
S2 wntpport; No ImagePath
S3 cpuz134; \??\C:\Users\BR\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 19:01 - 2015-05-08 19:03 - 00037650 _____ () C:\Users\BR\Downloads\FRST.txt
2015-05-08 19:00 - 2015-05-08 19:01 - 00000000 ____D () C:\FRST
2015-05-08 19:00 - 2015-05-08 19:00 - 02102272 _____ (Farbar) C:\Users\BR\Downloads\FRST64.exe
2015-05-08 18:56 - 2015-05-08 18:56 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 18356.crdownload
2015-05-08 18:55 - 2015-05-08 18:55 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 676724.crdownload
2015-05-08 11:53 - 2015-05-08 17:33 - 00000000 ____D () C:\Users\BR\AppData\Local\2063
2015-05-08 11:52 - 2015-05-08 11:52 - 00000000 ____D () C:\Users\BR\Documents\My Drawings
2015-05-08 11:52 - 2015-05-08 11:52 - 00000000 ____D () C:\Users\BR\AppData\Local\Dassault Systemes
2015-05-08 11:48 - 2015-05-08 11:52 - 00000000 ____D () C:\Users\BR\AppData\Roaming\DraftSight
2015-05-08 11:47 - 2015-05-08 11:47 - 00000000 ____D () C:\ProgramData\Dassault Systemes
2015-05-08 11:47 - 2015-05-08 11:47 - 00000000 ____D () C:\Program Files\Dassault Systemes
2015-05-08 11:44 - 2015-05-08 11:45 - 190719264 _____ (Microsoft Corporation) C:\Users\BR\Downloads\DraftSight64.exe
2015-05-08 11:32 - 2015-05-08 11:32 - 00077047 _____ () C:\Users\BR\Desktop\DRUM.dwg
2015-05-08 09:09 - 2015-05-08 09:09 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 714071.crdownload
2015-05-08 09:08 - 2015-05-08 09:08 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 306457.crdownload
2015-05-08 09:07 - 2015-05-08 09:07 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 87939.crdownload
2015-05-08 09:06 - 2015-05-08 09:06 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 858252.crdownload
2015-05-08 08:48 - 2015-05-08 08:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{0413D425-08D0-48EC-BDC5-9F98488B99E0}
2015-05-08 05:32 - 2015-05-08 05:32 - 00001231 _____ () C:\Users\BR\Downloads\setup (1).website
2015-05-08 05:31 - 2015-05-08 05:31 - 00001231 _____ () C:\Users\BR\Downloads\setup.website
2015-05-08 05:29 - 2015-05-08 05:29 - 00796024 _____ (Program ) C:\Users\BR\Downloads\Unconfirmed 876042.crdownload
2015-05-08 01:37 - 2015-05-08 01:38 - 00000000 ____D () C:\Users\BR\AppData\Local\Games Bot
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Users\BR\AppData\Roaming\lection
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Program Files (x86)\Games Bot
2015-05-08 00:59 - 2015-05-08 00:59 - 00000000 ____D () C:\Users\BR\AppData\Local\4993
2015-05-08 00:37 - 2015-05-08 11:30 - 00000000 ___HD () C:\ProgramData\rzv
2015-05-08 00:37 - 2015-05-08 00:37 - 00004292 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3737383931313830322d32785745232a6c3455322a57
2015-05-07 17:40 - 2015-05-07 17:40 - 00000000 ____D () C:\ProgramData\eaa4fa400000408b
2015-05-07 17:38 - 2015-05-07 17:38 - 00000000 ____D () C:\Users\BR\Documents\Optimizer Pro
2015-05-07 17:36 - 2015-05-08 18:40 - 00001014 _____ () C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job
2015-05-07 17:36 - 2015-05-07 17:36 - 00004034 _____ () C:\Windows\System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-05-07 17:35 - 2015-05-07 17:35 - 00004270 _____ () C:\Windows\System32\Tasks\WinFixUpdater
2015-05-07 17:32 - 2015-05-07 18:06 - 00000000 ____D () C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1}
2015-05-07 17:32 - 2015-05-07 17:37 - 00000136 _____ () C:\Windows\Reimage.ini
2015-05-07 17:32 - 2015-05-07 17:37 - 00000120 _____ () C:\Windows\winfix.ini
2015-05-07 17:32 - 2015-05-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Reg Pro Cleaner
2015-05-07 17:32 - 2015-05-07 17:32 - 00631296 _____ () C:\Windows\rzv.dat
2015-05-07 17:32 - 2015-05-07 17:32 - 00408576 _____ () C:\Windows\mrzv.exe
2015-05-07 17:31 - 2015-05-08 08:50 - 00000000 ____D () C:\ProgramData\{f50f9304-a593-be58-f50f-f9304a594c12}
2015-05-07 17:31 - 2015-05-07 17:32 - 00417792 _____ () C:\Windows\rzv.exe
2015-05-07 17:31 - 2015-05-07 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-07 11:12 - 2015-05-07 11:12 - 00000000 ____D () C:\Users\BR\AppData\Local\{2BDAA665-4A61-4C94-9F46-B8EA4BFE1265}
2015-05-07 07:57 - 2015-05-07 07:57 - 00103611 _____ () C:\Users\BR\Downloads\Endless Lace.pes
2015-05-07 07:57 - 2015-05-07 07:57 - 00093994 _____ () C:\Users\BR\Downloads\Standalone.pes
2015-05-07 07:57 - 2015-05-07 07:57 - 00026802 _____ () C:\Users\BR\Downloads\Single Lace.pes
2015-05-07 07:57 - 2015-05-07 07:57 - 00026802 _____ () C:\Users\BR\Downloads\Single Lace (1).pes
2015-05-06 23:31 - 2015-05-06 23:31 - 00000000 ____D () C:\Users\BR\AppData\Local\{99A624BD-D610-497B-AE40-0C8B38D45F5C}
2015-05-06 09:00 - 2015-05-06 09:00 - 00000000 ____D () C:\Users\BR\Desktop\New folder
2015-05-06 08:53 - 2015-05-06 08:53 - 00000000 ____D () C:\Users\BR\AppData\Local\{4B1AC328-D9C3-44C4-9B9D-D015E0BEAA09}
2015-05-05 09:16 - 2015-05-05 09:16 - 00000000 ____D () C:\Users\BR\AppData\Local\{9514C0D3-66E4-4420-A079-8972BD26D8AE}
2015-05-05 08:25 - 2015-05-05 08:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\BR\Downloads\rkill.exe
2015-05-05 08:05 - 2015-05-05 08:05 - 00067062 _____ () C:\Users\BR\Desktop\PERFORATED SHELL - 18ga SS - 20_4in - latest Feb-06-09.dwg
2015-05-05 06:08 - 2015-05-05 06:08 - 00000000 ____D () C:\Users\BR\AppData\Local\{3771D3BE-092E-41B5-809F-CBAA55F006DC}
2015-05-04 18:31 - 2015-05-04 18:31 - 00088553 _____ () C:\Users\BR\Documents\tony.dxf
2015-05-04 14:43 - 2015-05-04 14:43 - 00001990 _____ () C:\Users\BR\Desktop\WD SmartWare - Shortcut.lnk
2015-05-04 12:36 - 2015-05-04 12:36 - 00000000 ____D () C:\Users\BR\AppData\Local\{E419D834-F9DB-4D2E-821C-A28A4DA9031C}
2015-05-04 10:40 - 2015-05-04 10:40 - 00000000 ____D () C:\Analytics
2015-05-04 08:10 - 2015-05-04 08:10 - 00000000 ____D () C:\ProgramData\ClubSanDisk
2015-05-04 06:54 - 2015-05-04 06:54 - 00969504 _____ (Microsoft Corporation) C:\Users\BR\Downloads\Windows7-USB-DVD-tool.exe
2015-05-04 00:35 - 2015-05-04 00:35 - 00000000 ____D () C:\Users\BR\AppData\Local\{937AD1EF-2374-4C00-94AD-11E3BE423E22}
2015-05-03 22:35 - 2015-05-03 22:35 - 00001044 _____ () C:\Users\Public\Desktop\KeyFinder.lnk
2015-05-03 22:35 - 2015-05-03 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-05-03 22:35 - 2015-05-03 22:35 - 00000000 ____D () C:\Program Files (x86)\Magical Jelly Bean
2015-05-03 22:33 - 2015-05-03 22:34 - 01178272 _____ (Magical Jelly Bean ) C:\Users\BR\Downloads\KeyFinderInstaller.exe
2015-05-03 22:07 - 2015-05-04 06:55 - 00002467 _____ () C:\Users\BR\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-05-03 22:07 - 2015-05-04 06:55 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-05-03 22:07 - 2015-05-04 06:55 - 00000000 ____D () C:\Users\BR\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-05-03 22:06 - 2015-05-03 22:06 - 02721168 _____ (Microsoft Corporation) C:\Users\BR\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-05-03 14:07 - 2015-05-03 14:07 - 00806816 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\BR\Downloads\rufus-2.1.exe
2015-05-03 14:07 - 2015-05-03 14:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-03 11:52 - 2015-05-03 11:56 - 00000000 ____D () C:\Users\BR\AppData\Local\SmartWeb
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 ____D () C:\BreakingNewsAlert
2015-05-02 18:35 - 2015-05-02 18:35 - 00000000 ____D () C:\ProgramData\57b3a3ad00003ff1
2015-05-02 18:33 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\bb3f2cb000005b88
2015-05-02 15:04 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-05-02 15:03 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\ASPackage
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-02 15:01 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\{8e475fd0-dd8d-92e3-8e47-75fd0dd87f43}
2015-05-02 14:56 - 2015-05-03 10:21 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-02 14:56 - 2015-05-02 14:56 - 00000000 ____D () C:\Users\BR\AppData\Local\CrashRpt
2015-05-02 14:55 - 2015-05-02 14:55 - 00000000 ____D () C:\ProgramData\{a636dd2d-7fce-43bf-a636-6dd2d7fc74b5}
2015-05-02 14:53 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Local\WebPlayer
2015-05-02 14:51 - 2015-05-07 23:40 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-02 14:51 - 2015-05-02 14:51 - 00000000 ____D () C:\Users\BR\AppData\Local\globalUpdate
2015-05-02 14:49 - 2015-05-03 10:21 - 00000000 ____D () C:\Users\BR\AppData\Local\BreakingNewsAlert
2015-05-02 14:49 - 2015-05-02 14:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{F98E9123-90A3-4EEC-87A6-21761D689883}
2015-05-02 14:46 - 2015-05-03 13:27 - 00000000 ____D () C:\ProgramData\mceNtuX
2015-05-02 14:46 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\BreakingNewsAlert
2015-05-02 11:06 - 2015-05-02 11:06 - 00000000 ____D () C:\Users\BR\AppData\Local\SlimWare Utilities Inc
2015-05-02 10:04 - 2015-05-02 10:04 - 00000000 ____D () C:\Users\BR\AppData\Local\{52019EA2-2FEE-4531-8AB2-253E075D40F9}
2015-05-02 09:15 - 2015-05-02 09:16 - 00000000 ____D () C:\Users\BR\AppData\Local\{F7F791AC-9C94-4E3D-AFBD-C3A2FED8579F}
2015-05-01 09:46 - 2015-05-01 09:46 - 00000000 ____D () C:\Users\BR\AppData\Local\{9C81243B-1A20-4566-9090-E197A8488294}
2015-04-30 15:18 - 2015-04-30 15:18 - 00000000 ____D () C:\Users\BR\AppData\Local\{8B7A4E1C-8F97-4457-A99A-216C4D85AFA7}
2015-04-30 00:01 - 2015-04-30 00:01 - 00023200 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys
2015-04-29 20:41 - 2015-04-29 20:41 - 00000000 ____D () C:\Users\BR\AppData\Local\{36939B5D-AF1B-4B16-8F4D-77BAC04FFD60}
2015-04-29 07:59 - 2015-04-29 07:59 - 00000000 ____D () C:\Users\BR\AppData\Local\{534AF6F3-8DD1-47BE-9F90-F98DEE6DF489}
2015-04-28 11:36 - 2015-04-28 11:36 - 00000000 ____D () C:\Users\BR\AppData\Local\{5AF70EB7-AFD3-4386-860E-FC21FFABA6E1}
2015-04-27 22:10 - 2015-04-27 22:10 - 00000000 ____D () C:\Users\BR\AppData\Local\{34E6D3C1-27EF-433D-9DC9-0F019842CF98}
2015-04-27 09:01 - 2015-04-27 09:01 - 00000000 ____D () C:\Users\BR\AppData\Local\{4AE04381-E5C3-4543-8A93-0DF10C3024C4}
2015-04-26 11:38 - 2015-04-26 11:38 - 00000000 ____D () C:\Users\BR\AppData\Local\{8F30AAA5-2993-415A-BBC2-9E1FFF8D6BA2}
2015-04-26 10:03 - 2015-04-26 10:03 - 00000000 ____D () C:\Users\BR\AppData\Local\{E737BC12-9871-407D-9FB0-566395069BC1}
2015-04-25 08:31 - 2015-04-25 08:31 - 00000000 ____D () C:\Users\BR\AppData\Local\{87BE99A4-312F-4CD2-8136-3FAD5FC3C28D}
2015-04-24 10:52 - 2015-04-24 10:52 - 00000000 ____D () C:\Users\BR\AppData\Local\{304DB668-6B78-40F3-AE60-2013D494A085}
2015-04-24 09:33 - 2015-04-24 09:33 - 00000000 ____D () C:\Users\BR\AppData\Local\{AAA4EAD5-9824-49BA-90D1-637D554A1C2C}
2015-04-23 07:24 - 2015-04-23 07:24 - 00000000 ____D () C:\Users\BR\AppData\Local\{36255A68-CB92-4169-9C10-3AC18A98860B}
2015-04-22 11:15 - 2015-04-22 11:15 - 03074400 _____ (Avanquest Software ) C:\Users\BR\Downloads\SmartDriverUpdater.exe
2015-04-22 08:49 - 2015-04-22 08:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{48A5BB88-B079-4DB7-82E1-FA13510BD7E6}
2015-04-22 03:27 - 2015-05-08 18:41 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-22 03:22 - 2015-04-22 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-21 18:45 - 2015-04-21 18:45 - 00000000 ____D () C:\Users\BR\AppData\Local\{9759DDEB-1937-45D7-A1AB-1C0D7973003A}
2015-04-21 18:16 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-21 18:16 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-21 18:16 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-21 18:16 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-21 18:16 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-21 18:16 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-21 18:16 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-21 18:16 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-21 18:16 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-21 18:16 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-21 18:16 - 2015-03-22 20:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-21 18:16 - 2015-03-22 20:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-21 18:16 - 2015-03-22 20:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-21 18:16 - 2015-03-22 20:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-21 18:16 - 2015-03-22 20:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-21 18:16 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-21 18:16 - 2015-03-22 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-21 18:16 - 2015-03-22 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-21 18:16 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-21 18:16 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-21 18:16 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-21 18:16 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-21 18:16 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-21 18:16 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-21 18:16 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-21 18:16 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-21 18:16 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-21 18:16 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-21 18:16 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-21 18:16 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-21 18:16 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-21 18:16 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-21 18:16 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-21 18:16 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-21 18:16 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-21 18:16 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-21 18:16 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-21 18:16 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-21 18:16 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-21 18:16 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-21 18:16 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-21 18:16 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-21 18:16 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-21 18:16 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-21 18:16 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-21 18:16 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-21 18:16 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-21 18:16 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 18:16 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-21 18:16 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-21 18:16 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-21 18:16 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-21 18:16 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-21 18:16 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-21 18:16 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-21 18:14 - 2015-04-01 17:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-21 18:14 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-21 18:14 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-21 18:14 - 2015-03-12 21:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-21 18:14 - 2015-03-12 21:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-21 18:14 - 2015-03-12 21:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-21 18:14 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-21 18:14 - 2015-03-12 21:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-21 18:14 - 2015-03-12 21:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-21 18:14 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-21 18:14 - 2015-03-12 21:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-21 18:14 - 2015-03-12 21:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-21 18:14 - 2015-03-12 20:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-21 18:14 - 2015-03-12 20:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-21 18:14 - 2015-03-12 20:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-21 18:14 - 2015-03-12 20:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-21 18:14 - 2015-03-12 20:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-21 18:14 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-21 18:14 - 2015-03-12 20:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-21 18:14 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-21 18:14 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-21 18:14 - 2015-03-12 20:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-21 18:14 - 2015-03-12 20:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-21 18:14 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-21 18:14 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-21 18:14 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-21 18:14 - 2015-03-12 20:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-21 18:14 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-21 18:14 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-21 18:14 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-21 18:14 - 2015-03-12 20:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-21 18:14 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-21 18:14 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-21 18:14 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-21 18:14 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-21 18:14 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-21 18:14 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-21 18:14 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-21 18:14 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-21 18:14 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-21 18:14 - 2015-03-12 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-21 18:14 - 2015-03-12 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-21 18:14 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-21 18:14 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-21 18:14 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-21 18:14 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-21 18:14 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-21 18:14 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-21 18:14 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-21 18:14 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-21 18:14 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-21 18:14 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-21 18:14 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-21 18:14 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-21 18:14 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-21 18:14 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-21 18:14 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-21 18:14 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-21 18:14 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-21 18:11 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-21 18:11 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-21 18:11 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-21 16:45 - 2015-04-21 16:45 - 00080262 _____ () C:\Users\BR\Documents\lucky13-t-shirt-ember-detail.QEP
2015-04-21 16:40 - 2015-04-21 16:40 - 02833256 _____ () C:\Users\BR\Downloads\FREEData7EmbConToolWithAds.zip
2015-04-21 10:11 - 2015-04-21 10:11 - 00000000 ____D () C:\Users\BR\AppData\Local\{01099F73-877E-4625-8692-D04CB324E9B4}
2015-04-20 09:31 - 2015-04-20 09:31 - 00000000 ____D () C:\Users\BR\AppData\Local\{CAF2D4C0-26ED-4634-AE89-018762DA8D06}
2015-04-19 07:40 - 2015-04-19 07:40 - 00000000 ____D () C:\Users\BR\AppData\Local\{162C6D38-2ADD-4845-A082-A26BED6E611F}
2015-04-17 15:13 - 2015-04-17 15:13 - 00000000 ____D () C:\Users\BR\AppData\Local\{DE49EE3D-4066-4D08-B3AC-66167BC226EC}
2015-04-17 05:01 - 2015-04-17 05:01 - 00010401 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2015-04-17 03:12 - 2015-04-17 03:13 - 00000000 ____D () C:\Users\BR\AppData\Local\{4D921765-DFAC-4952-91B0-AED895155A61}
2015-04-16 14:54 - 2015-04-16 14:54 - 00000000 ____D () C:\Users\BR\AppData\Local\{8634D72C-DB53-4127-912A-784A56508F47}
2015-04-16 10:43 - 2015-04-16 10:43 - 00000000 ____D () C:\Users\BR\AppData\Local\{7A22494A-96DD-445A-ACDB-63CAFBE0F32D}
2015-04-15 21:27 - 2015-04-15 21:27 - 00000000 ____D () C:\Users\BR\AppData\Local\{34B1EBAB-A316-494C-A3B8-6C1770708381}
2015-04-15 09:27 - 2015-04-15 09:27 - 00000000 ____D () C:\Users\BR\AppData\Local\{EF78B6A6-5363-4A6E-AF5B-75F6655763B0}
2015-04-15 08:53 - 2015-04-15 08:53 - 00000000 ____D () C:\Users\BR\AppData\Local\{78B3E208-C221-4CBF-81BF-3F21F7C0C21A}
2015-04-14 20:22 - 2015-04-14 20:22 - 00000000 ____D () C:\Users\BR\AppData\Local\{28DBAF16-0F4C-46A7-85E2-C695ADA15719}
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi
2015-04-14 07:46 - 2015-04-14 07:46 - 00000000 ____D () C:\Users\BR\AppData\Local\{A975B4D8-5384-4BAA-AB02-C13ED97879D2}
2015-04-13 21:26 - 2015-04-13 21:26 - 00000000 ____D () C:\Users\BR\AppData\Local\{131A4047-96BD-45EA-9629-906BD1704ECD}
2015-04-13 07:48 - 2015-04-13 07:48 - 00000000 ____D () C:\Users\BR\AppData\Local\{9579CE65-90F5-4DDE-9CCC-B6A47516F62A}
2015-04-13 01:10 - 2015-04-13 01:10 - 00000000 ____D () C:\Users\BR\AppData\Local\{ED1FA75F-3964-40FF-9FD7-F24EFAEB3605}
2015-04-12 08:53 - 2015-04-12 08:53 - 00000000 ____D () C:\Users\BR\AppData\Local\{C24A3FB2-B690-4FE8-ACDB-0FE4E8D2E502}
2015-04-10 10:34 - 2015-04-10 10:34 - 05197824 _____ () C:\Users\BR\Downloads\HPSupportSolutionsFramework-11.51.0049(1).msi
2015-04-10 09:36 - 2015-04-10 09:36 - 00000000 ____D () C:\Users\BR\AppData\Local\{637EB0EC-F261-40B6-9798-6AB8DF9B716B}
2015-04-09 07:55 - 2015-04-09 07:55 - 00000000 ____D () C:\Users\BR\AppData\Local\{91A7897A-9537-4D2B-A88B-70CF2F3F3C4D}
2015-04-08 06:52 - 2015-04-08 06:52 - 00000000 ____D () C:\Users\BR\AppData\Local\{C747753F-0CBB-4E79-9FE2-BAF9F600DB95}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 19:01 - 2012-04-18 08:43 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Skype
2015-05-08 18:41 - 2014-11-20 09:35 - 00000000 ___RD () C:\Users\BR\iCloudDrive
2015-05-08 18:41 - 2014-02-11 23:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-08 18:41 - 2012-04-01 20:31 - 00000000 ____D () C:\Users\BR\AppData\Local\Adobe
2015-05-08 18:40 - 2014-05-02 19:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 18:39 - 2012-04-13 08:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 18:37 - 2014-05-02 19:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 18:11 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 18:11 - 2009-07-13 21:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 17:33 - 2012-04-01 10:07 - 00000000 ____D () C:\Users\bcom
2015-05-08 17:33 - 2012-03-13 06:09 - 00000000 ____D () C:\Users\BRIAN
2015-05-08 17:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-05-08 17:28 - 2009-07-13 22:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 17:24 - 2012-03-13 06:12 - 01251129 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 17:22 - 2015-04-06 08:35 - 00048950 _____ () C:\Windows\PFRO.log
2015-05-08 17:22 - 2015-03-22 01:00 - 00007819 _____ () C:\Windows\setupact.log
2015-05-08 17:22 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 16:42 - 2014-11-02 23:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 16:41 - 2012-04-01 11:22 - 00000000 ____D () C:\Users\BR
2015-05-08 11:42 - 2012-06-07 18:40 - 00000000 ____D () C:\Users\BR\AppData\Local\SolidWorks
2015-05-08 11:42 - 2012-06-07 09:17 - 00000000 ____D () C:\Users\BR\AppData\Roaming\SolidWorks
2015-05-08 11:22 - 2014-07-22 15:10 - 00000000 ____D () C:\Windows\Minidump
2015-05-08 09:47 - 2014-11-02 23:29 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 09:47 - 2014-11-02 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 09:47 - 2014-11-02 23:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-07 18:05 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-07 18:02 - 2012-04-01 11:22 - 00001415 _____ () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 07:21 - 2015-03-25 13:51 - 00894294 _____ () C:\Windows\SysWOW64\~.tmp
2015-05-05 13:57 - 2015-03-18 07:21 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-05-04 18:32 - 2015-03-05 03:17 - 00000000 ____D () C:\Users\BR\Documents\Corel
2015-05-03 14:44 - 2012-03-13 06:00 - 00000000 ____D () C:\ProgramData\Recovery
2015-05-03 13:51 - 2012-04-13 08:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-03 13:51 - 2012-04-13 08:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-03 13:51 - 2012-03-16 01:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-03 13:28 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-03 13:28 - 2015-03-18 07:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-05-03 13:27 - 2014-05-13 19:36 - 00000000 ____D () C:\Program Files (x86)\TradeManager
2015-05-03 13:27 - 2012-04-26 06:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-03 13:27 - 2009-12-17 13:16 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-05-03 13:27 - 2009-12-17 13:13 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2015-05-03 13:27 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2015-05-03 13:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\spp
2015-05-03 13:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Speech
2015-05-03 13:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\NetworkList
2015-05-03 13:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\spool
2015-05-03 13:26 - 2015-03-08 05:46 - 00000000 ____D () C:\Users\BR\Desktop\Old Firefox Data
2015-05-03 13:26 - 2012-04-01 11:22 - 00000000 ___RD () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-03 13:25 - 2015-03-25 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilcom TrueSizer e3.0
2015-05-03 13:25 - 2015-03-16 18:26 - 00000000 ____D () C:\ProgramData\Buzz Tools
2015-05-03 13:25 - 2015-03-10 23:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-03 13:25 - 2015-03-08 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE-DESIGN 8 (Trial Version)
2015-05-03 13:25 - 2015-03-05 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2015-05-03 13:25 - 2015-03-05 03:02 - 00000000 ____D () C:\ProgramData\Corel
2015-05-03 13:25 - 2015-03-02 14:30 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-05-03 13:25 - 2015-01-04 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-05-03 13:25 - 2014-11-15 17:09 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-03 13:25 - 2014-11-15 17:07 - 00000000 ____D () C:\ProgramData\Apple
2015-05-03 13:25 - 2014-09-18 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-05-03 13:25 - 2014-09-18 15:49 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-05-03 13:25 - 2014-09-07 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-05-03 13:25 - 2014-09-04 16:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-03 13:25 - 2014-01-25 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-03 13:25 - 2013-09-10 16:57 - 00000000 ____D () C:\ProgramData\PopCap Games
2015-05-03 13:25 - 2013-08-27 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-05-03 13:25 - 2013-08-27 18:27 - 00000000 ____D () C:\ProgramData\Autodesk
2015-05-03 13:25 - 2013-08-06 06:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-03 13:25 - 2012-12-27 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-05-03 13:25 - 2012-12-15 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-05-03 13:25 - 2012-09-29 21:39 - 00000000 ____D () C:\ProgramData\MGS
2015-05-03 13:25 - 2012-08-20 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2015-05-03 13:25 - 2012-06-07 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-05-03 13:25 - 2012-06-07 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2011
2015-05-03 13:25 - 2012-04-18 08:42 - 00000000 ____D () C:\ProgramData\Skype
2015-05-03 13:25 - 2012-03-14 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMI
2015-05-03 13:25 - 2012-03-14 08:43 - 00000000 ____D () C:\ProgramData\SMP
2015-05-03 13:25 - 2012-03-13 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-03 13:25 - 2012-03-13 14:45 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-03 13:25 - 2012-03-13 08:16 - 00000000 ____D () C:\ProgramData\HP
2015-05-03 13:25 - 2012-03-13 05:20 - 00000000 ____D () C:\ProgramData\HPSS
2015-05-03 13:25 - 2009-12-17 13:48 - 00000000 ____D () C:\ProgramData\Norton
2015-05-03 13:25 - 2009-12-17 13:42 - 00000000 ____D () C:\ProgramData\WildTangent
2015-05-03 13:25 - 2009-12-17 13:29 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-05-03 13:25 - 2009-12-17 13:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-05-03 13:25 - 2009-12-17 13:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-03 13:25 - 2009-12-17 13:17 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-03 13:25 - 2009-12-17 13:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-05-03 13:25 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-02 18:37 - 2015-03-18 07:21 - 00000000 ____D () C:\ProgramData\Unchecky
2015-04-29 16:23 - 2012-03-13 05:34 - 00000000 ____D () C:\Users\BR\Documents\TUMBLEWEED INVOICES
2015-04-23 15:15 - 2013-08-07 08:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-23 02:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 04:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-04-22 03:22 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-22 03:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-22 03:07 - 2012-03-13 16:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-22 03:06 - 2012-03-13 06:43 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-21 17:45 - 2015-04-06 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015
2015-04-21 17:45 - 2015-03-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape 0.91
2015-04-21 17:45 - 2015-03-19 12:49 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Trash Keys Finder
2015-04-21 17:45 - 2015-03-18 06:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-21 17:45 - 2015-03-05 03:16 - 00000000 ____D () C:\ProgramData\Protexis64
2015-04-21 17:45 - 2012-06-07 14:22 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-04-21 17:45 - 2012-04-18 08:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-21 17:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-21 17:42 - 2012-04-01 21:25 - 00000000 ____D () C:\Users\BR\AppData\Local\Mozilla
2015-04-21 16:43 - 2015-03-18 06:51 - 00000000 ____D () C:\Users\BR\Desktop\all pinups
2015-04-15 03:14 - 2013-08-16 12:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 09:37 - 2014-11-02 23:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-02 23:29 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-02 23:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 10:23 - 2009-07-13 21:45 - 00707192 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi
2014-09-09 16:27 - 2014-09-09 16:30 - 0000000 _____ () C:\Users\BR\AppData\Roaming\bibstats
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\BR\AppData\Roaming\BYAIAMUF
2015-01-25 09:12 - 2015-01-25 09:12 - 0002086 _____ () C:\Users\BR\AppData\Roaming\GNOK
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2014-10-27 09:16 - 2014-11-13 20:01 - 0000308 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.Exception.log
2014-10-27 09:09 - 2014-11-28 10:44 - 0004042 _____ () C:\Users\BR\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-10-27 09:16 - 2014-11-13 20:01 - 0000308 _____ () C:\Users\BR\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-11 11:57 - 2014-11-11 11:57 - 0000044 _____ () C:\Users\BR\AppData\Roaming\WB.CFG
2014-10-27 10:02 - 2014-10-27 10:02 - 0009728 _____ () C:\Users\BR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 05:01 - 2015-04-17 05:01 - 0010401 _____ () C:\Users\BR\AppData\Local\recently-used.xbel
2012-06-07 21:09 - 2012-06-07 21:09 - 0000000 _____ () C:\Users\BR\AppData\Local\Temptable.xml
2012-09-23 14:15 - 2012-09-23 14:15 - 0137289 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
2012-09-23 14:15 - 2012-09-23 14:15 - 0132486 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
2012-09-23 14:15 - 2012-09-23 14:15 - 0132533 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
2012-09-23 14:15 - 2012-09-23 14:15 - 0003890 _____ () C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
2012-10-03 18:21 - 2012-10-03 18:21 - 0121078 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.0
2012-10-03 18:21 - 2012-10-03 18:21 - 0044248 _____ () C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
2012-10-03 18:18 - 2012-10-03 18:18 - 0112551 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.0
2012-10-03 18:18 - 2012-10-03 18:18 - 0040181 _____ () C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
2012-10-03 18:21 - 2012-10-03 18:21 - 0115714 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.0
2012-10-03 18:21 - 2012-10-03 18:21 - 0038427 _____ () C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
2012-10-03 18:22 - 2012-10-03 18:22 - 0134269 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.0
2012-10-03 18:22 - 2012-10-03 18:22 - 0049466 _____ () C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
2012-10-03 18:22 - 2012-10-03 18:22 - 0135858 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.0
2012-10-03 18:22 - 2012-10-03 18:22 - 0050685 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.1
2012-10-03 18:22 - 2012-10-03 18:22 - 0050520 _____ () C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
2012-10-03 18:23 - 2012-10-03 18:23 - 0136857 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.0
2012-10-03 18:23 - 2012-10-03 18:23 - 0049261 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.1
2012-10-03 18:23 - 2012-10-03 18:23 - 0049486 _____ () C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
2012-08-22 16:05 - 2012-08-22 16:05 - 0006400 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
2012-08-22 16:05 - 2012-08-22 16:05 - 0001969 _____ () C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
2014-09-04 11:40 - 2014-09-04 11:40 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-03-13 07:52 - 2014-07-22 15:04 - 0003834 _____ () C:\ProgramData\hpzinstall.log
2012-03-13 18:47 - 2012-12-22 18:06 - 0000173 _____ () C:\ProgramData\LockFilePath.ini
2012-12-02 13:08 - 2012-12-02 13:08 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\BR\AppData\Local\Temp\dateinj01.dll
C:\Users\BR\AppData\Local\Temp\HPInstaller.exe
C:\Users\BR\AppData\Local\Temp\HPPSdr.exe
C:\Users\BR\AppData\Local\Temp\Launcher__10046.exe
C:\Users\BR\AppData\Local\Temp\Launcher__10979.exe
C:\Users\BR\AppData\Local\Temp\Launcher__12837.exe
C:\Users\BR\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\BR\AppData\Local\Temp\optprosetup.exe
C:\Users\BR\AppData\Local\Temp\sqlite3.exe
C:\Users\BR\AppData\Local\Temp\SSClientUp.exe
C:\Users\BR\AppData\Local\Temp\supoptsetup.exe
C:\Users\BR\AppData\Local\Temp\WinFixPro.exe
C:\Users\BR\AppData\Local\Temp\WinFixProPackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-05 19:59

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by BR at 2015-05-08 19:04:57
Running from C:\Users\BR\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-998330651-303224156-1059126384-500 - Administrator - Disabled)
bcom (S-1-5-21-998330651-303224156-1059126384-1003 - Administrator - Enabled) => C:\Users\bcom
BR (S-1-5-21-998330651-303224156-1059126384-1004 - Administrator - Enabled) => C:\Users\BR
BRIAN (S-1-5-21-998330651-303224156-1059126384-1000 - Administrator - Enabled) => C:\Users\BRIAN
Guest (S-1-5-21-998330651-303224156-1059126384-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
AliIM Plugins for Browser (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
AliSetup 0.1.0.52 (HKLM-x32\...\AliSetup) (Version: 0.1.0.52 - 阿里巴巴（中国）有限公司)
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD 2011 - English (HKLM\...\AutoCAD 2011 - English) (Version: 18.1.49.0 - Autodesk)
AutoCAD 2011 - English (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
eDrawings 2015 x64 (HKLM\...\{1849FD9A-F1F7-4D0C-BEE6-59C3337E5410}) (Version: 15.2.0033 - Dassault Systèmes SolidWorks Corp)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Games Bot (HKLM-x32\...\Games Bot) (Version: 161.0.0.1703 - CLICK YES BELOW LP)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM-x32\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2226 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
lection (HKLM-x32\...\{55d4b236-fe79-4782-cc2d-55acaf147087}) (Version: 1.0.0 - subpar) <==== ATTENTION!
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PE-DESIGN 8 (Trial Version) (HKLM-x32\...\{87B42878-97EC-46BB-A6AF-D3076566BC68}) (Version: 8.02.0000 - Brother Industries, Ltd.)
Photobucket Desktop (HKLM-x32\...\{D0916F1D-236D-4B9A-BCEA-F535444DCA41}) (Version: 1.0.3.1552 - Photobucket)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{99039186-EBEB-4127-BFA2-18B10A05ACE2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SewArt (HKLM\...\{1E5F099F-3186-47B6-AE81-99520B54918C}) (Version: 1.8.2 - S & S Computing)
SewWhat-Pro (HKLM\...\{5DF40802-1935-4B9F-9B7C-B16B6B875461}) (Version: 3.9.7 - S & S Computing)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SmoothDraw version 4.0.5 (HKLM-x32\...\SmoothDraw_is1) (Version: 4.0.5 - )
SMPIS (HKLM-x32\...\{999052D7-44A2-49F8-9851-A3D2D297EE03}) (Version: 29.00.000 - Merry Mechanization Inc.)
SolidWorks 2011 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20110-40200-1100-100) (Version: 19.2.0.49 - SolidWorks Corporation)
SolidWorks 2011 x64 Edition SP02 (Version: 19.120.49 - SolidWorks) Hidden
SolidWorks eDrawings 2011 SP02 (HKLM-x32\...\{67C6633B-5A12-4955-A5E4-98D703F9AFA3}) (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.)
SolidWorks eDrawings 2011 x64 Edition SP02 (Version: 11.2.113 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2011 SP02 (HKLM-x32\...\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}) (Version: 19.20.49 - SolidWorks Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SQLAnywhere1000 (HKLM-x32\...\{349E9132-5101-4094-859E-0EEE6F3DDCD5}) (Version: 10.1.4157 - Merry Mechanization Inc)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TradeManager 2011 SP2 (HKLM-x32\...\TradeManager 2011 SP2) (Version:  - Alisoft)
TradeManager 2014 Beta1 (HKLM-x32\...\TradeManager) (Version:  - Alibaba (China) Network Technology Co., Ltd.)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.8 - Tweaking.com)
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.185.7427 - Wilcom)
Wilcom TrueSizer e3.0 (x32 Version: 17.0.185.7427 - Wilcom) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BR\AppData\Roaming\lection\gendaqof.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)

==================== Restore Points  =========================

06-05-2015 19:34:51 Windows Update
08-05-2015 11:46:46 Installed DraftSight 2015 SP2 x64.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-05-08 17:22 - 00001204 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01B68D52-81A4-4E5D-A008-EBE7A5E1D7A8} - System32\Tasks\AdobeAAMUpdater-1.0-BRIAN-PC-BR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {137B4BA2-DE24-4F80-BC1F-179956948A9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-03] (Adobe Systems Incorporated)
Task: {185DA43D-88B8-4E9E-A9EA-5C5527B4909F} - System32\Tasks\WinFixUpdater => C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe
Task: {19835642-4FB1-409E-B1C8-8C8DAB245E33} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {261C88CB-C0A6-449C-8B7E-520CB4278507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {2761B74C-FF47-4ABC-B888-2B671AC244E5} - System32\Tasks\{A5D314F0-456F-4CB4-B01B-01065EE19CB7} => pcalua.exe -a E:\setup.exe -d E:\
Task: {2A5E94B0-88B5-4A7C-AE52-03F3C01C221B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {379D608C-0688-4B10-B21D-50B5B2A22E4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {4B06D158-F426-4D63-842D-A8D695E38F5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {58044AB4-8524-4227-9073-AAA8DF62A596} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {634A461E-0F15-4817-B934-50CFBA3F4FF1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6AB5DF9B-167C-4E53-B5F8-EC132C9AB8CD} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7016C1DA-8A0A-4266-A065-4ECEF51B751B} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {76BFAC61-5025-4C95-9233-B223F5F3731E} - System32\Tasks\{8687F8BE-E36A-4EEF-AF42-1D43D36FA6D3} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {786E9D0A-E3FE-465E-BC0D-620FE1DFB271} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {80747828-AE28-4142-B594-2A8E87EF8F5F} - System32\Tasks\{12FF90D0-0CA3-410B-8D51-6027360B341C} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {85F928BF-474B-410C-955F-9BC4A5E814AE} - System32\Tasks\{ECC6E21C-0E02-48C1-81A6-B7DF3E56C4A3} => pcalua.exe -a "C:\Program Files (x86)\MMI\MachineDriverInstaller.exe" -d C:\Users\BRIAN\Desktop -c C:\Users\BRIAN\Desktop\second-house.DXF
Task: {914C9D15-4296-4523-9ED4-18BEE51A604E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9A3CE333-775C-4F78-992D-AA2801A46B4E} - System32\Tasks\{6F7F92BF-441E-4C9E-852D-876D6730FB99} => pcalua.exe -a L:\AutoCAD_2011_English_Win_64bit.exe -d L:\
Task: {9E7B5155-9C08-45C9-9779-27D04278AC5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A351AD21-7C0A-4AA7-8E99-9E0B182558F0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A478F95E-3FEA-4AA2-9564-F616630E60FB} - System32\Tasks\{E16CF7E6-DF4D-44A7-BD43-F43C46E7E55A} => pcalua.exe -a "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data\setup.exe" -d "C:\Users\BR\Documents\SolidWorks Downloads\SolidWorks 2011 SP02\swwi\data"
Task: {A70A2B54-AF92-4ED5-925B-F34A585805AE} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3737383931313830322d32785745232a6c3455322a57 => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {AD73D1BF-E8BA-44CE-992E-38F1BF19BF40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B9BD23C7-B505-4BA0-9F95-AEBF9257AE49} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BC023B06-0D54-426A-B5F9-A28527102E43} - System32\Tasks\{349F7917-DF9C-433B-BD70-8DF9498AE672} => pcalua.exe -a C:\Windows\Installer\{4F113377-0BA1-4552-9ABB-9BF220FAF132}\i386_SldWorks.exe -d "C:\Program Files (x86)\Mozilla Firefox" -c C:\Users\BR\AppData\Local\Temp\car-trailer-tilt-deck.snapshot.1-1.zip
Task: {BEBB79F8-7713-4DBF-9FF9-0BA8E1E28A44} - System32\Tasks\{992C1360-B7C4-4ED1-9082-8E159FCB82C3} => pcalua.exe -a C:\Users\BR\Downloads\setup.exe -d C:\Users\BR\Downloads
Task: {BFA4F869-6B50-4192-B3EF-80C1E9B8A448} - System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l => C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.exe <==== ATTENTION
Task: {C0C1473C-062A-4435-96D0-52017A5B6ED7} - \AmiUpdXp No Task File <==== ATTENTION
Task: {DD268EF9-0389-4933-BB76-5200E5670973} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E58DB626-EECF-4E0B-B279-CE49CB629190} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EFBFF8D6-C539-4881-9214-7E4BE60C3988} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-07-30] (Microsoft)
Task: {FF68EC2C-3B0C-4266-A221-56BDB11B6623} - System32\Tasks\{9F1E4A2B-AEA4-4565-A49A-E488006A3FAF} => pcalua.exe -a C:\Users\BR\Downloads\Mach3Version3.043.066.exe -d C:\Users\BR\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job => C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-12-15 13:55 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-07 17:32 - 2015-05-07 17:32 - 00408576 _____ () c:\windows\mrzv.exe
2015-05-07 17:31 - 2015-05-07 17:32 - 00417792 _____ () c:\windows\rzv.exe
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-22 05:00 - 2015-04-22 05:00 - 00311912 _____ () C:\Program Files (x86)\Games Bot\GamesBot.exe
2014-09-26 15:40 - 2014-09-26 15:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-03-30 17:32 - 2015-03-30 17:32 - 00157696 _____ () C:\Users\BR\AppData\Roaming\lection\gendaqof.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00117352 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00090728 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
2015-04-22 05:02 - 2015-04-22 05:02 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-30 17:31 - 2015-03-30 17:31 - 00133120 _____ () C:\Users\BR\AppData\Roaming\lection\subcalal.dll
2014-12-29 22:24 - 2014-12-29 22:24 - 00037368 _____ () C:\Program Files (x86)\TradeManager\rv2log.dll
2014-12-29 22:24 - 2014-12-29 22:24 - 00321528 _____ () C:\Program Files (x86)\TradeManager\rv2core.dll
2014-12-29 22:23 - 2014-12-29 22:23 - 00280056 _____ () C:\Program Files (x86)\TradeManager\pcre.dll
2014-12-28 20:30 - 2014-12-28 20:30 - 01554888 _____ () C:\Program Files (x86)\TradeManager\LIBEAY32.dll
2014-12-29 22:24 - 2014-12-29 22:24 - 00368120 _____ () C:\Program Files (x86)\TradeManager\rv2archive.dll
2014-12-28 20:30 - 2014-12-28 20:30 - 00322376 _____ () C:\Windows\SysWow64\aliedit\aliedit.dll
2014-12-29 22:24 - 2014-12-29 22:24 - 00457208 _____ () C:\Program Files (x86)\TradeManager\uacagent.dll
2014-12-28 20:30 - 2014-12-28 20:30 - 00072192 _____ () C:\Program Files (x86)\TradeManager\zlibwapi.dll
2015-04-22 01:24 - 2015-04-22 01:24 - 00904704 _____ () C:\Program Files (x86)\Games Bot\System.Data.SQLite.dll
2014-09-28 22:01 - 2014-09-28 22:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2009-10-22 19:50 - 2009-10-22 19:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-11-23 17:20 - 2014-08-26 18:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-11-23 17:20 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-05-08 01:38 - 2015-03-26 07:13 - 01091584 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\libglesv2.dll
2015-05-08 01:38 - 2015-03-26 07:13 - 00167936 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\libEGL.dll
2015-05-08 01:38 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\pdf.dll
2015-05-08 01:38 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
2015-05-08 01:38 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
2015-05-08 01:38 - 2014-09-22 21:07 - 14891848 _____ () C:\Users\BR\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
AlternateDataStreams: C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-998330651-303224156-1059126384-1004\...\taobao.com -> hxxp://taobao.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-998330651-303224156-1059126384-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\BR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 64.59.144.16 - 64.59.150.132

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{3E24F055-A793-4BC3-9A16-D0FE6B3C463E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{844CC82B-F7C5-4BB4-8ABE-D06B094CC431}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1C7FFD34-8C45-436D-AD53-C44D6F7792E0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{39A1014D-B4E5-4D68-B513-DF866CF1346A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A322132D-798A-4408-BAC5-F78362086A27}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{3823B4EF-6015-4882-BDB0-D08670DC6591}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{F9766DB5-ECC7-4B39-911A-D2C992E303B2}C:\program files\corel\coreldraw graphics suite x7\programs64\corelpp.exe] => (Block) C:\program files\corel\coreldraw graphics suite x7\programs64\corelpp.exe
FirewallRules: [UDP Query User{18362DB6-11F6-41DC-A40B-6D33E9BC5EEF}C:\program files\corel\coreldraw graphics suite x7\programs64\corelpp.exe] => (Block) C:\program files\corel\coreldraw graphics suite x7\programs64\corelpp.exe
FirewallRules: [TCP Query User{B66924A1-2898-4D5F-922E-3F2B541EB8D5}C:\program files\corel\coreldraw graphics suite x7\programs64\coreldrw.exe] => (Allow) C:\program files\corel\coreldraw graphics suite x7\programs64\coreldrw.exe
FirewallRules: [UDP Query User{8870D05F-B4B6-43CB-9BC3-41BA35269015}C:\program files\corel\coreldraw graphics suite x7\programs64\coreldrw.exe] => (Allow) C:\program files\corel\coreldraw graphics suite x7\programs64\coreldrw.exe
FirewallRules: [TCP Query User{1431BE01-09D9-4AAD-99B7-12041ABAA829}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [{666E9BD3-3FBE-4AB4-9A54-FA7D16C6E956}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{003199E7-F3D4-4855-A99E-9881CCBECFB0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3293F6F-47E2-440E-BBAC-F5748EA0FE3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23E27FB3-17FA-439E-8FE2-06C493D4ADD8}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7C8C\HPDiagnosticCoreUI.exe
FirewallRules: [{E65320DB-6128-418D-A2BD-DC17A52A89CB}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7C8C\HPDiagnosticCoreUI.exe
FirewallRules: [{D3BBE9C6-0BE9-4FB5-A8CA-0BDA4BB1591F}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7CE1\HPDiagnosticCoreUI.exe
FirewallRules: [{80A410DE-8A53-407E-A8CE-B9ED8FE8020C}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS7CE1\HPDiagnosticCoreUI.exe
FirewallRules: [{E6F293E2-6915-4AC6-9F28-4A36790A0284}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS009B\HPDiagnosticCoreUI.exe
FirewallRules: [{990BBD40-2528-4C32-87D3-D1F20994748D}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS009B\HPDiagnosticCoreUI.exe
FirewallRules: [{4BACD219-02D1-4C0F-BCF2-6F813730AEAD}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0512\HPDiagnosticCoreUI.exe
FirewallRules: [{A39B8EFF-3CD5-49AF-B3E2-DBAA73C3543A}] => (Allow) C:\Users\BR\AppData\Local\Temp\7zS0512\HPDiagnosticCoreUI.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============

Name: Photosmart C6100 series
Description: Photosmart C6100 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 05:28:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0x40000015
Fault offset: 0x00093534
Faulting process id: 0x80c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (05/08/2015 04:03:16 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/08/2015 04:01:55 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/08/2015 04:01:04 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/08/2015 04:00:43 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (05/08/2015 11:39:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WSCommCntr2.exe, version: 3.0.267.0, time stamp: 0x4b71796a
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004ad94
Faulting process id: 0x168c
Faulting application start time: 0xWSCommCntr2.exe0
Faulting application path: WSCommCntr2.exe1
Faulting module path: WSCommCntr2.exe2
Report Id: WSCommCntr2.exe3

Error: (05/08/2015 11:31:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Exception code: 0xc0000005
Fault offset: 0x00049b14
Faulting process id: 0xa00
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (05/08/2015 00:40:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/08/2015 00:00:05 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/07/2015 09:28:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============
Error: (05/08/2015 07:04:34 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user BRIAN-PC\BR (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (05/08/2015 06:55:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user BRIAN-PC\BR (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (05/08/2015 06:47:19 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user BRIAN-PC\BR (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (05/08/2015 05:28:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2015 05:25:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (05/08/2015 05:22:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinFix Real Time Protector service failed to start due to the following error:
%%2

Error: (05/08/2015 05:22:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (05/08/2015 05:22:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wntpport service failed to start due to the following error:
%%2

Error: (05/08/2015 05:18:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (05/08/2015 05:18:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-21 17:46:43.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-21 17:46:43.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 09:47:59.071
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-11 09:47:58.952
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-08 17:24:30.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-08 17:24:29.919
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-06 10:02:55.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-06 10:02:55.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-06 08:44:55.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-06 08:44:55.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\SYDEXFDD.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 7133.18 MB
Available physical RAM: 3496.55 MB
Total Pagefile: 14264.55 MB
Available Pagefile: 10753.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:920.39 GB) (Free:747.89 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.02 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive l: (My Book) (Fixed) (Total:2794.49 GB) (Free:2726.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================


==================== End Of Log ============================



#4
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

First do this:
Farbar Recovery Scanner needs to be running from the desktop. You have it in the downloads folder. Please move it to the desktop.
To do that:
  • Navigate to your downloads folder --> C:\Users\BR\Downloads
  • In the downloads folder, find FRST (Farbar Recovery Scan Tool).
  • Right click on it, choose Cut.
  • Go back to the desktop.
  • On an empty space, right click and choose Paste.
  • Farbar will now have been successfully moved to the desktop.
No need to do another scan after doing that.

Second
Please remove this program from your Programs and Features list: Start > Control Panel > Programs and Features. In the list, find the program listed below and uninstall it.
  • lection
If a program will not remove, skip it and keep following the instructions, please.

Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinFixRealTimeProtector; C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe [X]
S2 wntpport; No ImagePath
S3 cpuz134; \??\C:\Users\BR\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-05-08 05:29 - 2015-05-08 05:29 - 00796024 _____ (Program ) C:\Users\BR\Downloads\Unconfirmed 876042.crdownload
2015-05-08 09:09 - 2015-05-08 09:09 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 714071.crdownload
2015-05-08 09:08 - 2015-05-08 09:08 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 306457.crdownload
2015-05-08 09:07 - 2015-05-08 09:07 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 87939.crdownload
2015-05-08 09:06 - 2015-05-08 09:06 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 858252.crdownload
2015-05-07 17:40 - 2015-05-07 17:40 - 00000000 ____D () C:\ProgramData\eaa4fa400000408b
2015-05-07 17:38 - 2015-05-07 17:38 - 00000000 ____D () C:\Users\BR\Documents\Optimizer Pro
2015-05-07 17:36 - 2015-05-08 18:40 - 00001014 _____ () C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job
2015-05-07 17:36 - 2015-05-07 17:36 - 00004034 _____ () C:\Windows\System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-05-07 17:35 - 2015-05-07 17:35 - 00004270 _____ () C:\Windows\System32\Tasks\WinFixUpdater
2015-05-07 17:32 - 2015-05-07 18:06 - 00000000 ____D () C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1}
2015-05-07 17:32 - 2015-05-07 17:37 - 00000136 _____ () C:\Windows\Reimage.ini
2015-05-07 17:32 - 2015-05-07 17:37 - 00000120 _____ () C:\Windows\winfix.ini
2015-05-07 17:32 - 2015-05-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Reg Pro Cleaner
2015-05-07 17:32 - 2015-05-07 17:32 - 00631296 _____ () C:\Windows\rzv.dat
2015-05-07 17:32 - 2015-05-07 17:32 - 00408576 _____ () C:\Windows\mrzv.exe
2015-05-07 17:31 - 2015-05-08 08:50 - 00000000 ____D () C:\ProgramData\{f50f9304-a593-be58-f50f-f9304a594c12}
2015-05-07 17:31 - 2015-05-07 17:32 - 00417792 _____ () C:\Windows\rzv.exe
2015-05-07 17:31 - 2015-05-07 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 ____D () C:\BreakingNewsAlert
2015-05-02 18:35 - 2015-05-02 18:35 - 00000000 ____D () C:\ProgramData\57b3a3ad00003ff1
2015-05-02 18:33 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\bb3f2cb000005b88
2015-05-02 15:04 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-05-02 15:03 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\ASPackage
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-02 15:01 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\{8e475fd0-dd8d-92e3-8e47-75fd0dd87f43}
2015-05-02 14:56 - 2015-05-03 10:21 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-02 14:56 - 2015-05-02 14:56 - 00000000 ____D () C:\Users\BR\AppData\Local\CrashRpt
2015-05-02 14:55 - 2015-05-02 14:55 - 00000000 ____D () C:\ProgramData\{a636dd2d-7fce-43bf-a636-6dd2d7fc74b5}
2015-05-02 14:53 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Local\WebPlayer
2015-05-02 14:51 - 2015-05-07 23:40 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-02 14:51 - 2015-05-02 14:51 - 00000000 ____D () C:\Users\BR\AppData\Local\globalUpdate
2015-05-02 14:49 - 2015-05-03 10:21 - 00000000 ____D () C:\Users\BR\AppData\Local\BreakingNewsAlert
2015-05-02 14:49 - 2015-05-02 14:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{F98E9123-90A3-4EEC-87A6-21761D689883}
2015-05-02 14:46 - 2015-05-03 13:27 - 00000000 ____D () C:\ProgramData\mceNtuX
2015-05-02 14:46 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\BreakingNewsAlert
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi
2015-05-08 18:41 - 2014-02-11 23:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BR\AppData\Roaming\lection\gendaqof.dll () <==== ATTENTION
Task: C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job => C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.exe <==== ATTENTION
FF user.js: detected! => C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\user.js [2015-05-07]
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Users\BR\AppData\Roaming\lection
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post:
The Fixlog.txt. That log will be found on the desktop after the fix has run.
  • 0

#5
RUSTY2

    Member

  • Topic Starter
  • Member
  • 164 posts

Hi, could not find "lection" to uninstall it. Here is the Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by BR at 2015-05-09 18:47:33 Run:1
Running from C:\Users\BR\Downloads
Loaded Profiles: BR (Available profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
createrestorepoint:
C:\Program Files\WinZip\Utils\WzSysScan
C:\Program Files (x86)\Free Easy CD DVD Burner
C:\ProgramData\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}
C:\Users\All Users\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}
C:\Users\bcom\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js        
C:\Users\BR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js
C:\Users\BR\AppData\Local\Temp\7zS0199
C:\Users\BR\AppData\Local\Temp\7zS3F17
C:\Users\BR\AppData\Roaming\rmi\Unlocker1.9.2 (1).exe
C:\Users\BR\Desktop\SewArt64-25601984.exe
C:\Users\BR\Downloads\cbsidlm-cbsi134-ALNO_AG_Kitchen_Planner-SEO-10400750.exe           
C:\Users\BR\Downloads\cbsidlm-cbsi134-Free_PDF_to_Word_Converter-SEO-10849566(1).exe              
C:\Users\BR\Downloads\cbsidlm-cbsi134-Free_PDF_to_Word_Converter-SEO-10849566.exe
C:\Users\BR\Downloads\cbsidlm-cbsi134-ImgBurn-SEO-10847481.exe   
C:\Users\BR\Downloads\cbsidlm-cbsi188-PhoXo-SEO-75374051.exe
C:\Users\BR\Downloads\cbsidlm-cbsi213-Awesome_Duplicate_Photo_Finder-SEO-75206819.exe
C:\Users\BR\Downloads\cbsidlm-tr1_14-Bejeweled_Jasmine-SEO-75956863.exe
C:\Users\BR\Downloads\cbsidlm-tr1_14-BS1_Accounting-SEO-10007255.exe
C:\Users\BR\Downloads\ccsetup404(1).exe
C:\Users\BR\Downloads\ccsetup404.exe             
C:\Users\BR\Downloads\ccsetup405.exe             
C:\Users\BR\Downloads\ccsetup407.exe            
C:\Users\BR\Downloads\ccsetup410.exe             
C:\Users\BR\Downloads\ccsetup417(1).exe       
C:\Users\BR\Downloads\ccsetup417.exe             
C:\Users\BR\Downloads\FoxitReader606.0722_enu_Setup.exe              
C:\Users\BR\Downloads\SkypeSetup-16427221-none.exe          
C:\Users\BR\Downloads\HP Downloads\HP Officejet Pro 8620 e-All-in-One Printer series Full Feature Software and Drivers - OJ8620_198.exe            
C:\Users\BR\Downloads\HP Downloads\?Logiciels et pilotes complets pour imprimantes HP Deskjet Pro 8620 e-All-in-One - OJ8620_198.exe               
C:\Users\BRIAN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js        
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js        
C:\Windows\Installer\51948e1.msi
C:\Windows\Installer\MSIC41.tmp
C:\Windows\Installer\MSICB29.tmp
Task: {3FEB099C-1396-4994-BCD8-9335686FEAE1} - \{3B22DB93-5D1E-4887-A309-936490D348AA} No Task File <==== ATTENTION
Task: {6937A1AC-3E01-4BF9-B20F-503455F33CE2} - \{EE7250D0-13DD-4831-92FA-5FF718F977CD} No Task File <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" No File
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" No File
RemoveProxy:
Hosts:
Emptytemp:

*****************

Restore point was successfully created.
"C:\Program Files\WinZip\Utils\WzSysScan" => File/Directory not found.
"C:\Program Files (x86)\Free Easy CD DVD Burner" => File/Directory not found.
"C:\ProgramData\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}" => File/Directory not found.
"C:\Users\All Users\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}" => File/Directory not found.
"C:\Users\bcom\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js" => File/Directory not found.
"C:\Users\BR\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js" => File/Directory not found.
"C:\Users\BR\AppData\Local\Temp\7zS0199" => File/Directory not found.
"C:\Users\BR\AppData\Local\Temp\7zS3F17" => File/Directory not found.
"C:\Users\BR\AppData\Roaming\rmi\Unlocker1.9.2 (1).exe" => File/Directory not found.
"C:\Users\BR\Desktop\SewArt64-25601984.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi134-ALNO_AG_Kitchen_Planner-SEO-10400750.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi134-Free_PDF_to_Word_Converter-SEO-10849566(1).exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi134-Free_PDF_to_Word_Converter-SEO-10849566.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi134-ImgBurn-SEO-10847481.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi188-PhoXo-SEO-75374051.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-cbsi213-Awesome_Duplicate_Photo_Finder-SEO-75206819.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-tr1_14-Bejeweled_Jasmine-SEO-75956863.exe" => File/Directory not found.
"C:\Users\BR\Downloads\cbsidlm-tr1_14-BS1_Accounting-SEO-10007255.exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup404(1).exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup404.exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup405.exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup407.exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup410.exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup417(1).exe" => File/Directory not found.
"C:\Users\BR\Downloads\ccsetup417.exe" => File/Directory not found.
"C:\Users\BR\Downloads\FoxitReader606.0722_enu_Setup.exe" => File/Directory not found.
"C:\Users\BR\Downloads\SkypeSetup-16427221-none.exe" => File/Directory not found.
C:\Users\BR\Downloads\HP Downloads\HP Officejet Pro 8620 e-All-in-One Printer series Full Feature Software and Drivers - OJ8620_198.exe => Moved successfully.
Could not move "C:\Users\BR\Downloads\HP Downloads\?Logiciels et pilotes complets pour imprimantes HP Deskjet Pro 8620 e-All-in-One - OJ8620_198.exe" => Scheduled to move on reboot.
"C:\Users\BRIAN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js" => File/Directory not found.
"C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhlggpfgfhboddiaobbadofpaoamana\1.0\oEb3j.js" => File/Directory not found.
"C:\Windows\Installer\51948e1.msi" => File/Directory not found.
"C:\Windows\Installer\MSIC41.tmp" => File/Directory not found.
"C:\Windows\Installer\MSICB29.tmp" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FEB099C-1396-4994-BCD8-9335686FEAE1} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B22DB93-5D1E-4887-A309-936490D348AA} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6937A1AC-3E01-4BF9-B20F-503455F33CE2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE7250D0-13DD-4831-92FA-5FF718F977CD} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => Key not found.
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" No File => Key not found.
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" No File not found.
HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" No File => Key not found.
FF Plugin HKU\S-1-5-21-998330651-303224156-1059126384-1004: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" No File not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 12.1 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-09 19:06:31)<=

"C:\Users\BR\Downloads\HP Downloads\?Logiciels et pilotes complets pour imprimantes HP Deskjet Pro 8620 e-All-in-One - OJ8620_198.exe" => File could not move.

==== End of Fixlog 19:06:31 ====


  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

That's the wrong fix log.

You're posting a fix from March, when you were being helped at that time --> http://www.geekstogo...the-time/page-2
  • 0

#7
RUSTY2

    Member

  • Topic Starter
  • Member
  • 164 posts

OK, I am going to delete the fix logs!!!!!!!!!!!!!!!! Sorry, way over my head. Before, my computer downloaded everything to my desktop; now I don't know where they are going. I just downloaded the file, why did it not go to my desktop?


  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
There's nothing to download; here's the fix.

Copy to Notepad, save as fixlist.txt to the desktop, then open FRST and run Fix.

Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinFixRealTimeProtector; C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe [X]
S2 wntpport; No ImagePath
S3 cpuz134; \??\C:\Users\BR\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-05-08 05:29 - 2015-05-08 05:29 - 00796024 _____ (Program ) C:\Users\BR\Downloads\Unconfirmed 876042.crdownload
2015-05-08 09:09 - 2015-05-08 09:09 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 714071.crdownload
2015-05-08 09:08 - 2015-05-08 09:08 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 306457.crdownload
2015-05-08 09:07 - 2015-05-08 09:07 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 87939.crdownload
2015-05-08 09:06 - 2015-05-08 09:06 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 858252.crdownload
2015-05-07 17:40 - 2015-05-07 17:40 - 00000000 ____D () C:\ProgramData\eaa4fa400000408b
2015-05-07 17:38 - 2015-05-07 17:38 - 00000000 ____D () C:\Users\BR\Documents\Optimizer Pro
2015-05-07 17:36 - 2015-05-08 18:40 - 00001014 _____ () C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job
2015-05-07 17:36 - 2015-05-07 17:36 - 00004034 _____ () C:\Windows\System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-05-07 17:35 - 2015-05-07 17:35 - 00004270 _____ () C:\Windows\System32\Tasks\WinFixUpdater
2015-05-07 17:32 - 2015-05-07 18:06 - 00000000 ____D () C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1}
2015-05-07 17:32 - 2015-05-07 17:37 - 00000136 _____ () C:\Windows\Reimage.ini
2015-05-07 17:32 - 2015-05-07 17:37 - 00000120 _____ () C:\Windows\winfix.ini
2015-05-07 17:32 - 2015-05-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Reg Pro Cleaner
2015-05-07 17:32 - 2015-05-07 17:32 - 00631296 _____ () C:\Windows\rzv.dat
2015-05-07 17:32 - 2015-05-07 17:32 - 00408576 _____ () C:\Windows\mrzv.exe
2015-05-07 17:31 - 2015-05-08 08:50 - 00000000 ____D () C:\ProgramData\{f50f9304-a593-be58-f50f-f9304a594c12}
2015-05-07 17:31 - 2015-05-07 17:32 - 00417792 _____ () C:\Windows\rzv.exe
2015-05-07 17:31 - 2015-05-07 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 ____D () C:\BreakingNewsAlert
2015-05-02 18:35 - 2015-05-02 18:35 - 00000000 ____D () C:\ProgramData\57b3a3ad00003ff1
2015-05-02 18:33 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\bb3f2cb000005b88
2015-05-02 15:04 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-05-02 15:03 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\ASPackage
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-02 15:01 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\{8e475fd0-dd8d-92e3-8e47-75fd0dd87f43}
2015-05-02 14:56 - 2015-05-03 10:21 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-02 14:56 - 2015-05-02 14:56 - 00000000 ____D () C:\Users\BR\AppData\Local\CrashRpt
2015-05-02 14:55 - 2015-05-02 14:55 - 00000000 ____D () C:\ProgramData\{a636dd2d-7fce-43bf-a636-6dd2d7fc74b5}
2015-05-02 14:53 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Local\WebPlayer
2015-05-02 14:51 - 2015-05-07 23:40 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-02 14:51 - 2015-05-02 14:51 - 00000000 ____D () C:\Users\BR\AppData\Local\globalUpdate
2015-05-02 14:49 - 2015-05-03 10:21 - 00000000 ____D () C:\Users\BR\AppData\Local\BreakingNewsAlert
2015-05-02 14:49 - 2015-05-02 14:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{F98E9123-90A3-4EEC-87A6-21761D689883}
2015-05-02 14:46 - 2015-05-03 13:27 - 00000000 ____D () C:\ProgramData\mceNtuX
2015-05-02 14:46 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\BreakingNewsAlert
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi
2015-05-08 18:41 - 2014-02-11 23:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BR\AppData\Roaming\lection\gendaqof.dll () <==== ATTENTION
Task: C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job => C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.exe <==== ATTENTION
FF user.js: detected! => C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\user.js [2015-05-07]
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Users\BR\AppData\Roaming\lection
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post:
The Fixlog.txt. That log will be found on the desktop after the fix has run.
  • 0

#9
RUSTY2

    Member

  • Topic Starter
  • Member
  • 164 posts

got it

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by BR at 2015-05-10 09:02:53 Run:2
Running from C:\Users\BR\Desktop
Loaded Profiles: BR (Available profiles: BRIAN & bcom & BR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 WinFixRealTimeProtector; C:\Program Files\WinFix\WinFix Protector\WinFixGuard.exe [X]
S2 wntpport; No ImagePath
S3 cpuz134; \??\C:\Users\BR\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-05-08 05:29 - 2015-05-08 05:29 - 00796024 _____ (Program ) C:\Users\BR\Downloads\Unconfirmed 876042.crdownload
2015-05-08 09:09 - 2015-05-08 09:09 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 714071.crdownload
2015-05-08 09:08 - 2015-05-08 09:08 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 306457.crdownload
2015-05-08 09:07 - 2015-05-08 09:07 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 87939.crdownload
2015-05-08 09:06 - 2015-05-08 09:06 - 00795184 _____ (Software Installer Program ) C:\Users\BR\Downloads\Unconfirmed 858252.crdownload
2015-05-07 17:40 - 2015-05-07 17:40 - 00000000 ____D () C:\ProgramData\eaa4fa400000408b
2015-05-07 17:38 - 2015-05-07 17:38 - 00000000 ____D () C:\Users\BR\Documents\Optimizer Pro
2015-05-07 17:36 - 2015-05-08 18:40 - 00001014 _____ () C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job
2015-05-07 17:36 - 2015-05-07 17:36 - 00004034 _____ () C:\Windows\System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-05-07 17:35 - 2015-05-07 17:35 - 00004270 _____ () C:\Windows\System32\Tasks\WinFixUpdater
2015-05-07 17:32 - 2015-05-07 18:06 - 00000000 ____D () C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1}
2015-05-07 17:32 - 2015-05-07 17:37 - 00000136 _____ () C:\Windows\Reimage.ini
2015-05-07 17:32 - 2015-05-07 17:37 - 00000120 _____ () C:\Windows\winfix.ini
2015-05-07 17:32 - 2015-05-07 17:35 - 00000000 ____D () C:\Program Files (x86)\Reg Pro Cleaner
2015-05-07 17:32 - 2015-05-07 17:32 - 00631296 _____ () C:\Windows\rzv.dat
2015-05-07 17:32 - 2015-05-07 17:32 - 00408576 _____ () C:\Windows\mrzv.exe
2015-05-07 17:31 - 2015-05-08 08:50 - 00000000 ____D () C:\ProgramData\{f50f9304-a593-be58-f50f-f9304a594c12}
2015-05-07 17:31 - 2015-05-07 17:32 - 00417792 _____ () C:\Windows\rzv.exe
2015-05-07 17:31 - 2015-05-07 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-05-03 09:51 - 2015-05-03 09:51 - 00000000 ____D () C:\BreakingNewsAlert
2015-05-02 18:35 - 2015-05-02 18:35 - 00000000 ____D () C:\ProgramData\57b3a3ad00003ff1
2015-05-02 18:33 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\bb3f2cb000005b88
2015-05-02 15:04 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-05-02 15:03 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Roaming\ASPackage
2015-05-02 15:02 - 2015-05-02 15:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-02 15:01 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\{8e475fd0-dd8d-92e3-8e47-75fd0dd87f43}
2015-05-02 14:56 - 2015-05-03 10:21 - 00000000 ____D () C:\ProgramData\SearchModule
2015-05-02 14:56 - 2015-05-02 14:56 - 00000000 ____D () C:\Users\BR\AppData\Local\CrashRpt
2015-05-02 14:55 - 2015-05-02 14:55 - 00000000 ____D () C:\ProgramData\{a636dd2d-7fce-43bf-a636-6dd2d7fc74b5}
2015-05-02 14:53 - 2015-05-02 18:33 - 00000000 ____D () C:\Users\BR\AppData\Local\WebPlayer
2015-05-02 14:51 - 2015-05-07 23:40 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-02 14:51 - 2015-05-02 14:51 - 00000000 ____D () C:\Users\BR\AppData\Local\globalUpdate
2015-05-02 14:49 - 2015-05-03 10:21 - 00000000 ____D () C:\Users\BR\AppData\Local\BreakingNewsAlert
2015-05-02 14:49 - 2015-05-02 14:49 - 00000000 ____D () C:\Users\BR\AppData\Local\{F98E9123-90A3-4EEC-87A6-21761D689883}
2015-05-02 14:46 - 2015-05-03 13:27 - 00000000 ____D () C:\ProgramData\mceNtuX
2015-05-02 14:46 - 2015-05-02 18:33 - 00000000 ____D () C:\ProgramData\BreakingNewsAlert
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l
2015-04-14 09:28 - 2015-04-14 09:28 - 00004387 _____ () C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi
2015-05-08 18:41 - 2014-02-11 23:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BR\AppData\Roaming\lection\gendaqof.dll () <==== ATTENTION
Task: C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job => C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.exe <==== ATTENTION
FF user.js: detected! => C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\user.js [2015-05-07]
2015-05-08 01:37 - 2015-05-08 01:37 - 00000000 ____D () C:\Users\BR\AppData\Roaming\lection
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
WinFixRealTimeProtector => Service not found.
wntpport => Service deleted successfully.
cpuz134 => Service not found.
LMIInfo => Service deleted successfully.
C:\Users\BR\Downloads\Unconfirmed 876042.crdownload => Moved successfully.
C:\Users\BR\Downloads\Unconfirmed 714071.crdownload => Moved successfully.
C:\Users\BR\Downloads\Unconfirmed 306457.crdownload => Moved successfully.
C:\Users\BR\Downloads\Unconfirmed 87939.crdownload => Moved successfully.
C:\Users\BR\Downloads\Unconfirmed 858252.crdownload => Moved successfully.
C:\ProgramData\eaa4fa400000408b => Moved successfully.
C:\Users\BR\Documents\Optimizer Pro => Moved successfully.
"C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job" => File/Directory not found.
"C:\Windows\System32\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l" => File/Directory not found.
"C:\Windows\System32\Tasks\WinFixUpdater" => File/Directory not found.
C:\ProgramData\{8bd5c36c-7e58-56a9-8bd5-5c36c7e50db1} => Moved successfully.
"C:\Windows\Reimage.ini" => File/Directory not found.
"C:\Windows\winfix.ini" => File/Directory not found.
C:\Program Files (x86)\Reg Pro Cleaner => Moved successfully.
"C:\Windows\rzv.dat" => File/Directory not found.
"C:\Windows\mrzv.exe" => File/Directory not found.
C:\ProgramData\{f50f9304-a593-be58-f50f-f9304a594c12} => Moved successfully.
"C:\Windows\rzv.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip" => File/Directory not found.
C:\BreakingNewsAlert => Moved successfully.
C:\ProgramData\57b3a3ad00003ff1 => Moved successfully.
C:\ProgramData\bb3f2cb000005b88 => Moved successfully.
C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage => Moved successfully.
C:\Users\BR\AppData\Roaming\ASPackage => Moved successfully.
C:\Program Files (x86)\predm => Moved successfully.
C:\ProgramData\{8e475fd0-dd8d-92e3-8e47-75fd0dd87f43} => Moved successfully.
C:\ProgramData\SearchModule => Moved successfully.
C:\Users\BR\AppData\Local\CrashRpt => Moved successfully.
C:\ProgramData\{a636dd2d-7fce-43bf-a636-6dd2d7fc74b5} => Moved successfully.
C:\Users\BR\AppData\Local\WebPlayer => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Users\BR\AppData\Local\globalUpdate => Moved successfully.
C:\Users\BR\AppData\Local\BreakingNewsAlert => Moved successfully.
C:\Users\BR\AppData\Local\{F98E9123-90A3-4EEC-87A6-21761D689883} => Moved successfully.
C:\ProgramData\mceNtuX => Moved successfully.
C:\ProgramData\BreakingNewsAlert => Moved successfully.
C:\Users\BR\AppData\Roaming\NTEZ4z8bEEU7lEVYC3vmSoEQV5l => Moved successfully.
C:\Users\BR\AppData\Roaming\BB5Ka9VGumqUrMDiPOYGi => Moved successfully.
C:\ProgramData\boost_interprocess => Moved successfully.
HKU\S-1-5-21-998330651-303224156-1059126384-1004_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} => Key not found.
C:\Windows\Tasks\NTEZ4z8bEEU7lEVYC3vmSoEQV5l.job not found.
C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\user.js not found.
"C:\Users\BR\AppData\Roaming\lection" => File/Directory not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 246.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:03:38 ====


  • 0
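Added example (not part of the thread and not FRST's own code): a Python check for the mix-up in posts #5 and #6, where the posted Fixlog echoes a different fixlist from the one the helper supplied, against the matching log in post #9. The function names are hypothetical and the shortened sample logs are constructed from paths shown in this thread.

```python
import re
from collections import Counter

STARS = re.compile(r"^\*{5,}\s*$")  # the ***************** rows around the echoed fixlist

def normalise(lines):
    """Comparable form of fixlist lines: trimmed, case-folded, no blanks or start/end markers."""
    return [s.casefold() for s in (ln.strip() for ln in lines)
            if s and s.casefold() not in ("start", "end")]

def parse_fixlog(text):
    """Split a Fixlog into header fields, the echoed fixlist and the result lines."""
    lines = text.splitlines()
    try:
        begin = next(i for i, ln in enumerate(lines) if ln.strip() == "Content of fixlist:")
        first, second = [i for i in range(begin, len(lines)) if STARS.match(lines[i])][:2]
    except (StopIteration, ValueError):
        raise ValueError("not a Fixlog: fixlist echo section missing") from None
    ran = re.search(r"^Ran by (\S+) at (\S+ \S+) Run:(\d+)", text, re.M)
    where = re.search(r"^Running from (.+)$", text, re.M)
    return {
        "run_no": int(ran.group(3)) if ran else None,
        "running_from": where.group(1).strip() if where else None,
        "echoed": normalise(lines[first + 1:second]),
        "results": [ln.strip() for ln in lines[second + 1:]
                    if ln.strip() and not ln.startswith("==== End of Fixlog")],
    }

def classify(result_line):
    """Bucket one result line by the outcome wording FRST prints in this thread."""
    low = result_line.lower()
    if "could not move" in low or "scheduled to move" in low:
        return "needs_attention"
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "done"
    return "other"

def check_fixlog(fixlog_text, intended_fixlist_text):
    """Report whether the log was produced from the intended fixlist, plus an outcome tally."""
    log = parse_fixlog(fixlog_text)
    intended = normalise(intended_fixlist_text.splitlines())
    missing = [ln for ln in intended if ln not in set(log["echoed"])]
    unexpected = [ln for ln in log["echoed"] if ln not in set(intended)]
    return {"matches": not missing and not unexpected, "missing": missing,
            "unexpected": unexpected, "run_no": log["run_no"],
            "running_from": log["running_from"],
            "tally": Counter(classify(r) for r in log["results"])}

# Constructed, shortened samples (assumption: real logs are much longer).
INTENDED = r"""start
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\SearchModule
C:\Windows\rzv.exe
CMD: ipconfig /flushdns
hosts:
Emptytemp:
end
"""
HEAD = "Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015\n"
STALE_LOG = HEAD + r"""Ran by BR at 2015-05-09 18:47:33 Run:1
Running from C:\Users\BR\Downloads
Content of fixlist:
*****************
createrestorepoint:
C:\Users\BR\Downloads\ccsetup404.exe
RemoveProxy:
Hosts:
Emptytemp:

*****************

Restore point was successfully created.
"C:\Users\BR\Downloads\ccsetup404.exe" => File/Directory not found.
Hosts was reset successfully.
EmptyTemp: => Removed 12.1 GB temporary data.
==== End of Fixlog 19:06:31 ====
"""
GOOD_LOG = HEAD + r"""Ran by BR at 2015-05-10 09:02:53 Run:2
Running from C:\Users\BR\Desktop
Content of fixlist:
*****************
""" + INTENDED + r"""*****************

Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\SearchModule => Moved successfully.
"C:\Windows\rzv.exe" => File/Directory not found.
=========  ipconfig /flushdns =========
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
Hosts was reset successfully.
EmptyTemp: => Removed 246.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 09:03:38 ====
"""

if __name__ == "__main__":
    for name, log in (("post #5 style", STALE_LOG), ("post #9 style", GOOD_LOG)):
        print(name, check_fixlog(log, INTENDED))
```

A "not_found" count is not a failure by itself: it means the listed item was already gone when the fix ran, while "needs_attention" lines are the ones to follow up after the reboot.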

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post:
  • The AdwCleaner[S0].txt Log
  • The JRT.txt Log
Thanks
Joe :)
  • 0


#11
RUSTY2

    Member

  • Topic Starter
  • Member
  • 164 posts

# AdwCleaner v4.203 - Logfile created 10/05/2015 at 20:39:44
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : BR - BRIAN-PC
# Running from : C:\Users\BR\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\HitsBlender
Folder Deleted : C:\Program Files (x86)\QuickRef_1.10.0.13
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DesktopDock
Folder Deleted : C:\Users\BR\AppData\Local\SmartWeb
Folder Deleted : C:\Users\BR\AppData\Local\Games Bot
Folder Deleted : C:\Users\BR\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\ComputerUpdaterLM.ocx
File Deleted : C:\Windows\SysWOW64\CUUpdateComponent.ocx
File Deleted : C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\5vqkojcs.default-1425818769644\searchplugins\startpointkms.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\817f8a53-6176-cf10-397e-e47620a363ac
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\estdemin
Key Deleted : HKCU\Software\Corez
Key Deleted : HKLM\SOFTWARE\HitsBlender
Key Deleted : HKLM\SOFTWARE\SiteSee
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.2 (x86 en-US)

Hi Joe, here is the first log

-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [2775 bytes] - [10/05/2015 20:31:18]
AdwCleaner[S0].txt - [2663 bytes] - [10/05/2015 20:39:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2722  bytes] ##########
 


  • 0

#12
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Home Premium x64
Ran by BR on 10/05/2015 at 20:49:45.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders




~~~ FireFox

Emptied folder: C:\Users\BR\AppData\Roaming\mozilla\firefox\profiles\5vqkojcs.default-1425818769644\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/05/2015 at 20:52:58.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thanx Joe


  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

Hello,

 

If you already have Malwarebytes you can skip the download part; please do a scan with it.

 

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
  • Enable free trial of Malwarebytes Anti-Malware Premium
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

 

Thanks

Joe :)


  • 0

#14
RUSTY2

RUSTY2

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 164 posts

Ran scan, nothing found. Great, thanx Joe

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/05/2015
Scan Time: 7:35:03 AM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.11.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 562988
Time Elapsed: 31 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,
Are you having any issues right now, and if so, what browser?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic. We do this to see what is left in the logs to attend to.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Thanks
Joe :)
  • 0





