Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Anti Virus and Windows Update not working


  • Please log in to reply

#1
hotdog_1984

hotdog_1984

    Member

  • Member
  • PipPip
  • 28 posts

Hi,

 

I'm hoping I can have some help please.  My anti virus software all of a sudden stopped providing real time protection.  I had Avira Antivirus and it couldn't be enabled.  I have then tried various other Antivirus software programs (Avast / AVG) and nothing will enable.  I have managed to run scans through various adware removal programs and also Trend Micro online and I'm getting messages saying everything has been cleared, but clearly there is an issue.  Windows Defender is also disabled and can't be enabled and neither will Windows Update.  So at the moment I'm without updates or virus protection and can't resolve it.  Please can I have some help.

 

Here is my Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Matt (administrator) on MATT-PC on 24-07-2015 22:25:18
Running from C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GZ22TFM
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\e93caa8c-8f35-4e9f-ac67-dbce21c8d2b1.exe [183232 2015-07-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe [623792 2015-06-23] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {5681C7A8-6D2C-4454-8804-EFC7ACE05B89} URL = http://www.buenosear...rchTerms}&r=805
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-02] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-07-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-07-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js [2014-07-08]
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]
FF Extension: Plus-HD-V1.1 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]59f58c578.com [2014-07-08]
FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: 48 dresses - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF Extension: SaleePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\o[email protected] [2015-04-16]
FF Extension: SAlePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: bestadblocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SAlePlluis - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SalePluus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (Bookmark Manager) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-23]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Quick start) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-14]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 175b006c71bbd734; C:\Windows\System32\Drivers\175b006c71bbd734.sys [41424 2014-08-25] () <===== ATTENTION Necurs Rootkit?
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [22576 2009-06-03] () [File not signed]
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [20016 2009-06-03] () [File not signed]
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60464 2009-06-03] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
S3 npf; C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
R3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [File not signed]
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [246376 2010-06-17] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfslh.sys [767144 2013-06-26] () [File not signed]
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [273576 2013-06-26] () [File not signed]
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [28840 2013-06-26] () [File not signed]
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvollh.sys [23208 2013-06-26] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [204568 2013-10-28] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [301104 2009-12-10] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
R3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [File not signed]
R3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [17408 2010-07-09] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [File not signed]
R3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
U5 175b006c71bbd734;  <===== ATTENTION Locked Service

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys AA0B7720D0CB89DCC3363E5DBDF3EBB6
C:\Windows\system32\drivers\aswMonFlt.sys 3B154DDD747CBAC31E33B276800736B0
C:\Windows\system32\drivers\aswRdr2.sys CF1BFE4B95F0626C10E96A48B9B8EAC6
C:\Windows\System32\Drivers\aswRvrt.sys 67C5C6F9DE8F6B43372EDADEBAD85E67
C:\Windows\system32\drivers\aswSnx.sys BE3D7AC282909F1352742F98DA2C9D18
C:\Windows\system32\drivers\aswSP.sys 2EF2CB17A9C46AE16276A15EF2F3AF74
C:\Windows\system32\drivers\aswStm.sys D4408FE64734D8DA69AB699D8A4AEF0D
C:\Windows\System32\Drivers\aswVmm.sys 8DF6664681FF5ADDBEB0D749B85B6544
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys E642491F64E58CD5BC8FB8B347DCF65F
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 955FFE2B1D74A9E0E3E0E558E6A17F3B
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys D409D4A4517865131999FAC96D366CBF
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FlashUSB.sys 322761FBC5D9439EE46FA997B4F88064
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\SysWOW64\FsUsbExDisk.SYS DDEE99DC54EFA20BD5A442CD733C4462
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 1384872112E8E7FD5786ECEB8BDDF4C9
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 235362D403D9D677514649D88DB31914
C:\Windows\System32\DRIVERS\IntcDAud.sys 03C74719D48056A1078F3A51CEB76BAA
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys 37E053A2CF8F0082B689ED74106E0CEC
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\msahci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\msdsm.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\Msfs.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\mshidkmdf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\msisadrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSKSSRV.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSPCLOCK.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSPQM.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\MsRPC.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\mssmbios.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\MSTEE.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\MTConfig.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\mup.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDFilter.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDNServ.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\nwifi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\ndis.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndiscap.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndistapi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndisuio.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ndiswan.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\NDProxy.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\netbios.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\netbt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\nfrd960.sys D41D8CD98F00B204E9800998ECF8427E
C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\system32\drivers\NTIDrvr.sys EE3BA1024594D5D09E314F206B94069E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\nvstor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\nv_agp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\ohci1394.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\parport.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\partmgr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\pci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\pciide.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\pcmcia.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\pcw.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\peauth.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\raspptp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\processr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\pacer.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\ql2300.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\ql40xx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\qwavedrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rasacd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\raspppoe.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rassstp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\rdbss.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\rdpbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\RDPCDD.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdpencdd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdprefmp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\RDPWD.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\rdyboost.sys D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 5623E2CC4F1F6DE24BE9DB3319E42D23
C:\Windows\System32\DRIVERS\rspndr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\RtsUStor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sbp2port.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\scfilter.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\secdrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\serenum.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\serial.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sermouse.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffdisk.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffp_mmc.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\sffp_sd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sfloppy.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftfslh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftplaylh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftredirlh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\Sftvollh.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\SiSRaid2.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\sisraid4.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\smb.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\spldr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv2.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srvnet.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\ssudmdm.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\stexstor.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\swenum.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\SynTP.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tcpip.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tcpip.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tcpipreg.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tdpipe.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tdtcp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tdx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\termdd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tssecsrv.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\tsusbflt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\tunnel.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\TurboB.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\uagp35.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\UBHelper.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\udfs.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\uliagpkx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\umbus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\umpass.sys D41D8CD98F00B204E9800998ECF8427E
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 893A6B67C8AA502648AD946CF50DDFD1
C:\Windows\System32\Drivers\usbaapl64.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbccgp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbcir.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbehci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbhub.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbohci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbprint.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\usbscan.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\USBSTOR.SYS D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\usbuhci.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\usbvideo.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vdrvroot.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vgapnp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\vga.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\vhdmp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\viaide.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volmgr.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volmgrx.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\volsnap.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\vsmraid.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vwifibus.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\vwififlt.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\wacompen.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wanarp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wanarp.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\DRIVERS\wd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\Wdf01000.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\wfplwf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\wimmount.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\wmiacpi.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\ws2ifsl.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\drivers\WudfPf.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\WUDFRd.sys D41D8CD98F00B204E9800998ECF8427E

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:24 - 2015-07-24 22:25 - 00000000 ____D C:\FRST
2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt
2015-07-18 22:10 - 2015-07-24 14:38 - 00000000 ____D C:\Users\Matt\AppData\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}
2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}
2015-07-05 00:37 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Matt\AppData\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}
2015-06-28 22:45 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Matt\AppData\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 22:15 - 2015-04-02 09:15 - 00001312 _____ C:\Windows\Tasks\48_dresses_notification_service.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00003112 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00002198 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001532 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001528 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001462 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001448 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001430 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001348 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001278 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00000576 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job
2015-07-24 22:04 - 2012-11-10 17:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 22:03 - 2011-12-21 22:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 21:45 - 2015-04-02 09:15 - 00000674 _____ C:\Windows\Tasks\48_dresses_updating_service.job
2015-07-24 14:46 - 2011-12-21 22:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 14:38 - 2015-04-02 09:15 - 00000994 _____ C:\Windows\Tasks\qflnTLaE9hxkp.job
2015-07-23 19:23 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-23 19:23 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 19:23 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx
2015-07-19 08:04 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-18 22:17 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-18 22:17 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-18 22:09 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing
2015-07-18 22:08 - 2015-04-18 01:47 - 00001480 _____ C:\Windows\setupact.log
2015-07-18 22:08 - 2012-05-30 21:02 - 00000408 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-07-18 22:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 09:00 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing
2015-07-11 08:59 - 2009-07-14 05:45 - 00414704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-28 22:43 - 2015-04-18 01:46 - 00360944 _____ C:\Windows\PFRO.log
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-25 17:05 - 2011-05-10 20:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\SoftGrid Client
2015-06-24 18:27 - 2015-05-26 19:40 - 00000000 ____D C:\Users\Jo\AppData\Local\{8A3CB51E-98AB-45BB-BF46-EC81C91AE3E2}

==================== Files in the root of some directories =======

2014-07-08 22:07 - 2014-07-08 22:08 - 0001256 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-08 22:07 - 2014-07-08 22:08 - 0009027 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log
2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png
2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache
2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache
2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache
2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Jo\AppData\Local\Temp\AskSLib.dll
C:\Users\Jo\AppData\Local\Temp\avgnt.exe
C:\Users\Jo\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Jo\AppData\Local\Temp\MSN4A2C.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2011-06-02 15:55] - [2010-11-20 14:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!

 

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {97b4ea69-ffa5-11df-a62b-dbd01fb2883b}
recoveryenabled         Yes
testsigning             Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {97b4ea69-ffa5-11df-a62b-dbd01fb2883b}
device                  ramdisk=[C:]\Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\Winre.wim,{97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\Winre.wim,{97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {97b4ea67-ffa5-11df-a62b-dbd01fb2883b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {97b4ea6a-ffa5-11df-a62b-dbd01fb2883b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\97b4ea69-ffa5-11df-a62b-dbd01fb2883b\boot.sdi

 

LastRegBack: 2015-06-11 07:28

==================== End of log ============================

 

Thanks,

 

Matt


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

FRST seems to think you have the Nemurs rootkit.  See if you can get ESET's tool to run:

 

http://kb.eset.com/e...ent&id=SOLN3137

 

Then

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

 


  • 0

#3
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi,

 

Thanks for the response.  I ran the tool you recommended and it stated I did have the Nemurs Rootkit and that it has now been removed.  I have downloaded the Fixlist.txt to the same location and run FIX on the FRST Tool.  Below is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Matt at 2015-07-26 23:25:20 Run:1
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FF Extension: 48 dresses - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: SaleePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SAlePPlus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SAlePlluis - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: SalePluus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION
Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION
U5 175b006c71bbd734; C:\Windows\System32\Drivers\175b006c71bbd734.sys [41424 2014-08-25] () <===== ATTENTION Necurs Rootkit?
U5 175b006c71bbd734;  <===== ATTENTION Locked Service
2015-07-24 22:15 - 2015-04-02 09:15 - 00001312 _____ C:\Windows\Tasks\48_dresses_notification_service.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00003112 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00002198 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001532 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001528 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001462 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001448 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001430 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001348 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00001278 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job
2015-07-24 22:13 - 2014-07-08 22:13 - 00000576 _____ C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job
2015-07-24 22:04 - 2012-11-10 17:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 22:03 - 2011-12-21 22:22 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 21:45 - 2015-04-02 09:15 - 00000674 _____ C:\Windows\Tasks\48_dresses_updating_service.job
2015-07-24 14:46 - 2011-12-21 22:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 14:38 - 2015-04-02 09:15 - 00000994 _____ C:\Windows\Tasks\qflnTLaE9hxkp.job
2015-07-18 22:08 - 2012-05-30 21:02 - 00000408 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
C:\Windows\System32\Drivers\175b006c71bbd734.sys
EmptyTemp:
 
 
 
*****************
 
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] => moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully.
C:\Program Files (x86)\mozilla firefox\my.cfg => moved successfully.
Locked "175b006c71bbd734" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
175b006c71bbd734 => service not found.
175b006c71bbd734 => service not found.
C:\Windows\Tasks\48_dresses_notification_service.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.job => moved successfully.
C:\Windows\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.job => moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\48_dresses_updating_service.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\qflnTLaE9hxkp.job => moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => moved successfully.
"C:\Windows\System32\Drivers\175b006c71bbd734.sys" => File/Folder not found.
EmptyTemp: => 2.8 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 23:38:38 ====
 
Thanks

  • 0

#4
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Here are the other 2 logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Matt (administrator) on MATT-PC (26-07-2015 23:58:10)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5844800 2015-04-02] (IObit)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {5681C7A8-6D2C-4454-8804-EFC7ACE05B89} URL = http://www.buenosear...rchTerms}&r=805
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-02] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-07-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js [2014-07-08]
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]
FF Extension: Plus-HD-V1.1 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]59f58c578.com [2014-07-08]
FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]net [2015-04-02]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF Extension: bestadblocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878912 2015-04-02] (IObit)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 npf; \??\C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 23:41 - 2015-07-26 23:41 - 00000000 _____ C:\Windows\SysWOW64\sho6D72.tmp
2015-07-26 23:23 - 2015-07-26 23:23 - 00000302 _____ C:\Users\Matt\Downloads\Addition.txt
2015-07-26 23:17 - 2015-07-27 00:00 - 00024473 _____ C:\Users\Matt\Downloads\FRST.txt
2015-07-26 23:13 - 2015-07-26 23:13 - 00003886 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.231334.2184.log
2015-07-26 23:04 - 2015-07-26 23:05 - 00021395 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.zip
2015-07-26 23:04 - 2015-07-26 23:05 - 00004948 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.log
2015-07-26 23:04 - 2015-07-26 23:04 - 00260296 _____ (ESET) C:\Users\Matt\Downloads\ESETNecursCleaner.exe
2015-07-26 23:01 - 2015-07-26 23:01 - 02146816 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2015-07-26 22:29 - 2015-07-26 22:29 - 00000000 ____D C:\Users\Matt\AppData\Local\{45081722-89C2-4395-A90C-ACBF05B01658}
2015-07-24 22:24 - 2015-07-26 23:58 - 00000000 ____D C:\FRST
2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt
2015-07-18 22:10 - 2015-07-25 16:23 - 00000000 ____D C:\Users\Matt\AppData\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}
2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}
2015-07-05 00:37 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Matt\AppData\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}
2015-06-28 22:45 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Matt\AppData\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-26 23:52 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-26 23:52 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-26 23:50 - 2015-06-17 19:42 - 00154278 _____ C:\Windows\WindowsUpdate.log
2015-07-26 23:46 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing
2015-07-26 23:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-26 23:43 - 2009-07-14 05:45 - 00414704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-26 23:42 - 2015-04-18 01:47 - 00001648 _____ C:\Windows\setupact.log
2015-07-26 23:25 - 2011-09-18 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 23:08 - 2011-05-16 12:48 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-07-26 22:27 - 2015-04-18 01:46 - 00361602 _____ C:\Windows\PFRO.log
2015-07-24 23:04 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 23:04 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-24 23:04 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx
2015-07-19 08:04 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 09:00 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-07-08 22:07 - 2014-07-08 22:08 - 0001256 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-08 22:07 - 2014-07-08 22:08 - 0009027 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log
2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png
2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache
2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache
2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache
2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-06-11 07:28
 
==================== End of log ============================
 
 
 
ADDITIONS TEXT LOG:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Matt at 2015-07-27 00:01:06
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1492825921-750369754-554371985-500 - Administrator - Disabled)
Guest (S-1-5-21-1492825921-750369754-554371985-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1492825921-750369754-554371985-1002 - Limited - Enabled)
Jo (S-1-5-21-1492825921-750369754-554371985-1003 - Administrator - Enabled) => C:\Users\Jo
Matt (S-1-5-21-1492825921-750369754-554371985-1001 - Administrator - Enabled) => C:\Users\Matt
Mcx1-MATT-PC (S-1-5-21-1492825921-750369754-554371985-1004 - Limited - Enabled) => C:\Users\Mcx1-MATT-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BallerMarkup (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a24fdd4d}) (Version:  - BallerMarkup) <==== ATTENTION
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Celestix HOTPin Client 1.1 for Windows (HKLM-x32\...\{E74A64C6-F1A0-4729-B0B5-273471E81105}) (Version: 1.01.0000 - Celestix Networks, Inc.)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.1 - IObit)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LG PC Suite III (HKLM-x32\...\{C0E18DC4-C74A-4889-AE3A-933471023787}) (Version: 1.0.0.0 - LG Electronics)
LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden
LG USB Modem Drivers (HKLM-x32\...\{FA02ACAC-9E14-4878-A257-92A22A647C2C}) (Version: 4.9.4 - LG Electronics)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Mozilla Firefox 10.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-GB)) (Version: 10.0.2 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
SaleePPlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
17-04-2015 22:14:17 avast! antivirus system restore point
17-04-2015 22:24:35 Installed Microsoft Fix it 50202
18-04-2015 01:01:08 Installed AVG 2015
18-04-2015 01:02:20 Installed AVG 2015
18-04-2015 08:24:13 Removed AVG 2015
18-04-2015 08:25:47 Removed AVG 2015
18-04-2015 20:48:15 avast! antivirus system restore point
04-05-2015 18:40:05 Scheduled Checkpoint
11-06-2015 07:35:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-04-18 00:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07C5F1A7-B854-4AF5-B35F-768513EBAA39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {184B43D1-D0F0-46DB-B5DB-3525B0388B97} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.exe <==== ATTENTION
Task: {34B9B85F-38EA-480F-B9AE-7B5BC218884C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4CB20647-6A4D-4046-8D2D-D2DF1111B258} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {519ADA39-2545-4487-AFD7-084B95A3A84C} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.exe <==== ATTENTION
Task: {52C0A07F-0AC5-4CE3-85EA-3FE26B50DDAD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.exe <==== ATTENTION
Task: {55920075-D578-434E-A66F-718B5376AAF2} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION
Task: {61BCD03D-7D1E-493D-8F18-A0DB53330E9D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {62B1784B-E682-42A9-8E76-5E341EACF4C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {67BFC6A3-F4C4-4984-85E7-0BECD70C97E5} - \SidebarExecute No Task File <==== ATTENTION
Task: {6A4CADA4-F5DE-4105-912A-7D052B79AEBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95F8F8F1-96B6-4DC0-91D5-032998B9D8F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9EB34624-A650-4530-AF6F-2DFFB54B4DB9} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.exe <==== ATTENTION
Task: {A065E288-729B-4C79-A862-74D936767F3D} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-nova.exe <==== ATTENTION
Task: {A207D1C8-76E4-449F-87F1-5C1092283053} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION
Task: {A8F59469-D32E-45E0-9D08-E3C8EFA603F4} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-novainstaller.exe <==== ATTENTION
Task: {AB40CABE-83EE-42B4-9085-C5098D4FEF40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C92CAFD2-DA6B-45C2-AF9E-67CCFE508C05} - System32\Tasks\48_dresses_notification_service => C:\Program Files (x86)\48 dresses\48_dresses_notification_service.exe <==== ATTENTION
Task: {D498279E-BBC3-4330-B02A-7F3532CD68F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D86CFCB3-4C55-40D9-BDB8-E7836CC011DD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-codedownloader.exe <==== ATTENTION
Task: {E20D84A3-0BFC-4517-A56B-0F33EBB37F0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E7986A30-ED57-4BAE-914D-375212B7711A} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.exe <==== ATTENTION
Task: {E7F25E9D-5410-4311-BDB9-0111B64E1D62} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATT-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {F5FC005D-2BDD-4AFF-AF48-B29188B52165} - System32\Tasks\qflnTLaE9hxkp => C:\Users\Matt\AppData\Roaming\qflnTLaE9hxkp.exe <==== ATTENTION
Task: {FB3088AC-8511-4F11-BF25-9514916D672D} - System32\Tasks\48_dresses_updating_service => C:\Program Files (x86)\48 dresses\48_dresses_updating_service.exe <==== ATTENTION
Task: {FC3A4E01-D105-4779-A08B-54C04DCDE2B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-04 06:24 - 2010-12-04 06:24 - 00206208 _____ () C:\Windows\PLFSetI.exe
2015-04-18 20:51 - 2015-04-18 20:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-18 20:51 - 2015-04-18 20:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-26 23:14 - 2015-07-26 23:14 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072501\algo.dll
2015-04-17 22:42 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-18 00:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-18 00:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-18 00:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-04-18 20:51 - 2015-04-18 20:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-17 22:42 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-04-17 22:42 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-08-15 18:21 - 2014-08-15 18:21 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-07-19 08:04 - 2015-07-13 22:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-19 08:04 - 2015-07-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-19 08:04 - 2015-07-13 22:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F4C0BA75-6C35-485E-9FE2-064F7F730F0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{60B083C3-3B8C-4269-A541-4124472619B1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6283E75F-40CB-404C-AB57-53A6DBDF2513}] => (Allow) svchost.exe
FirewallRules: [{416B6D9F-EF9B-4226-A373-1746B0D6DE39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{762CC632-91BB-4DFD-B9BB-6E8404C6CB63}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{11E45FA5-D4CF-406A-BFFB-93DE09ECB5A4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{4AD1E25D-E860-46CB-A828-1528DE8FDEA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2F3FD173-C279-4FD8-BFA4-C2B94527ACC9}] => (Allow) LPort=2869
FirewallRules: [{EB8B7112-5EB8-49C6-A27E-D5E6A3C7C618}] => (Allow) LPort=1900
FirewallRules: [{63FA221D-A17D-49C2-AE78-41F0A3FD3123}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C2A4D703-A2F6-4060-9218-5DBDA438D592}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{492055C1-5ADB-4987-AD4E-3E3DC953DE84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{710081BB-9237-4801-9241-C006CD563D68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82E71F38-330F-47F7-BA22-551F13DA3E9D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDFB697B-E267-4908-98B5-28995A7105BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6ED9204-65DA-40F9-9539-E3A1994C0FDF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A8AD10C7-0404-4442-ACBF-3028A4A9A3B2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{178591AB-98F4-4EFC-9D84-372B37C41523}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6C717DC4-10F1-44FE-ADB6-C473E0378738}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{861257E8-77DD-4882-99F0-5E15E5DD8E40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0E825599-375D-4975-9075-957DE6C19892}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{31EE339F-732A-4DE9-A6C3-4C00E6F9B8EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2015 11:56:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Matt-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/26/2015 11:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 26.7.2015.0, time stamp: 0x55b4ab01
Faulting module name: FRST64.exe, version: 26.7.2015.0, time stamp: 0x55b4ab01
Exception code: 0xc0000005
Fault offset: 0x000000000002652a
Faulting process id: 0x1bb0
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
 
Error: (07/26/2015 10:40:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: Matt-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/26/2015 10:38:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3416391
 
Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3416391
 
Error: (07/25/2015 11:51:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3400775
 
Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3400775
 
Error: (07/25/2015 11:51:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (07/26/2015 11:45:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/26/2015 11:45:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/26/2015 11:43:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/26/2015 11:43:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/26/2015 11:09:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/26/2015 11:09:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/26/2015 11:08:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (07/26/2015 11:08:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/26/2015 10:31:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%31
 
Error: (07/26/2015 10:30:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UrlFilter service failed to start due to the following error: 
%%31
 
 
Microsoft Office:
=========================
 
CodeIntegrity Error:
===================================
  Date: 2014-08-25 10:54:50.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\345e40e9.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-25 10:54:50.242
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\345e40e9.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:07.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:07.760
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:05.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:05.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:02.717
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:02.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:24:59.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:24:59.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 73%
Total physical RAM: 3766.71 MB
Available physical RAM: 999.79 MB
Total Virtual: 7531.6 MB
Available Virtual: 4665.33 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:203.99 GB) NTFS
Drive d: (My Disc) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01EF3CC9)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
 
What's my next step action wise?
 
Thanks again for your help
 
Matt

 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 26

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall:

SaleePPlus

Bonjour
 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that. 

 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply (or rename it as the next time you run VEW it will overwrite the first log)  then repeat but select Application.

 

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

How is it running now?

 

 

 


  • 0

#6
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi,

 

Thanks again for your reply.  I have now cleared the java cache and removed java 6 update.  There were no other programs (java, runtime, virtual machine etc) in the Uninstall program in Control Panel.

 

I will not be re-installing it unless necessary at a later date.

 

I have also removed Safee and Bonjour

 

For the next stage here is my FixLog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Matt at 2015-07-27 07:02:27 Run:2
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {5681C7A8-6D2C-4454-8804-EFC7ACE05B89} URL = http://www.buenosear...rchTerms}&r=805
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Extension: Plus-HD-V1.1 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]59f58c578.com [2014-07-08]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
CHR Extension: (Avira Browser Safety) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-14]
S3 npf; \??\C:\Users\Matt\AppData\Local\Temp\HouseCall32\tmase\nmap\npf\x64\npf.sys [X]
Task: {184B43D1-D0F0-46DB-B5DB-3525B0388B97} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11.exe <==== ATTENTION
Task: {4CB20647-6A4D-4046-8D2D-D2DF1111B258} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {519ADA39-2545-4487-AFD7-084B95A3A84C} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3.exe <==== ATTENTION
Task: {52C0A07F-0AC5-4CE3-85EA-3FE26B50DDAD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4.exe <==== ATTENTION
Task: {55920075-D578-434E-A66F-718B5376AAF2} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION
Task: {67BFC6A3-F4C4-4984-85E7-0BECD70C97E5} - \SidebarExecute No Task File <==== ATTENTION
Task: {9EB34624-A650-4530-AF6F-2DFFB54B4DB9} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10.exe <==== ATTENTION
Task: {A065E288-729B-4C79-A862-74D936767F3D} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-nova.exe <==== ATTENTION
Task: {A207D1C8-76E4-449F-87F1-5C1092283053} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5.exe <==== ATTENTION
Task: {A8F59469-D32E-45E0-9D08-E3C8EFA603F4} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-novainstaller.exe <==== ATTENTION
Task: {C92CAFD2-DA6B-45C2-AF9E-67CCFE508C05} - System32\Tasks\48_dresses_notification_service => C:\Program Files (x86)\48 dresses\48_dresses_notification_service.exe <==== ATTENTION
Task: {D86CFCB3-4C55-40D9-BDB8-E7836CC011DD} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1 => C:\Program Files (x86)\Plus-HD-V1.1\Plus-HD-V1.1-codedownloader.exe <==== ATTENTION
Task: {E7986A30-ED57-4BAE-914D-375212B7711A} - System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2 => C:\Program Files (x86)\Plus-HD-V1.1\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2.exe <==== ATTENTION
Task: {F5FC005D-2BDD-4AFF-AF48-B29188B52165} - System32\Tasks\qflnTLaE9hxkp => C:\Users\Matt\AppData\Roaming\qflnTLaE9hxkp.exe <==== ATTENTION
Task: {FB3088AC-8511-4F11-BF25-9514916D672D} - System32\Tasks\48_dresses_updating_service => C:\Program Files (x86)\48 dresses\48_dresses_updating_service.exe <==== ATTENTION
EmptyTemp:
 
 
 
*****************
 
"HKU\S-1-5-21-1492825921-750369754-554371985-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5681C7A8-6D2C-4454-8804-EFC7ACE05B89}" => key removed successfully
HKCR\CLSID\{5681C7A8-6D2C-4454-8804-EFC7ACE05B89} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]59f58c578.com => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]mail.com not found.
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully.
npf => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{184B43D1-D0F0-46DB-B5DB-3525B0388B97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{184B43D1-D0F0-46DB-B5DB-3525B0388B97}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-11" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CB20647-6A4D-4046-8D2D-D2DF1111B258}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB20647-6A4D-4046-8D2D-D2DF1111B258}" => key removed successfully
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{519ADA39-2545-4487-AFD7-084B95A3A84C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519ADA39-2545-4487-AFD7-084B95A3A84C}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52C0A07F-0AC5-4CE3-85EA-3FE26B50DDAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52C0A07F-0AC5-4CE3-85EA-3FE26B50DDAD}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55920075-D578-434E-A66F-718B5376AAF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55920075-D578-434E-A66F-718B5376AAF2}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67BFC6A3-F4C4-4984-85E7-0BECD70C97E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67BFC6A3-F4C4-4984-85E7-0BECD70C97E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9EB34624-A650-4530-AF6F-2DFFB54B4DB9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB34624-A650-4530-AF6F-2DFFB54B4DB9}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-10" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A065E288-729B-4C79-A862-74D936767F3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A065E288-729B-4C79-A862-74D936767F3D}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A207D1C8-76E4-449F-87F1-5C1092283053}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A207D1C8-76E4-449F-87F1-5C1092283053}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8F59469-D32E-45E0-9D08-E3C8EFA603F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F59469-D32E-45E0-9D08-E3C8EFA603F4}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C92CAFD2-DA6B-45C2-AF9E-67CCFE508C05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C92CAFD2-DA6B-45C2-AF9E-67CCFE508C05}" => key removed successfully
C:\Windows\System32\Tasks\48_dresses_notification_service => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\48_dresses_notification_service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D86CFCB3-4C55-40D9-BDB8-E7836CC011DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D86CFCB3-4C55-40D9-BDB8-E7836CC011DD}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7986A30-ED57-4BAE-914D-375212B7711A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7986A30-ED57-4BAE-914D-375212B7711A}" => key removed successfully
C:\Windows\System32\Tasks\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\a3de7ad0-a595-4db3-885a-a7cfd62c8e3d-2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5FC005D-2BDD-4AFF-AF48-B29188B52165}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5FC005D-2BDD-4AFF-AF48-B29188B52165}" => key removed successfully
C:\Windows\System32\Tasks\qflnTLaE9hxkp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\qflnTLaE9hxkp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FB3088AC-8511-4F11-BF25-9514916D672D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3088AC-8511-4F11-BF25-9514916D672D}" => key removed successfully
C:\Windows\System32\Tasks\48_dresses_updating_service => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\48_dresses_updating_service" => key removed successfully
EmptyTemp: => 70.9 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 07:02:47 ====
 
Thanks

  • 0

#7
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

SFC / Scannow repaired the files successfully so I didn't re-run Command Prompt with those 2 lines of text.

 

Vino Ross Log 1:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/07/2015 08:18:27
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/07/2015 06:31:03
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
 
Log: 'System' Date/Time: 27/07/2015 06:28:39
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 

  • 0

#8
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

LOG 2 - 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/07/2015 08:21:42
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/07/2015 06:47:33
Type: Error Category: 0
Event: 1024 Source: MsiInstaller
Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/07/2015 07:06:32
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: mcupdate
 
Log: 'Application' Date/Time: 27/07/2015 07:06:30
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: mcplayerinterop
 
Log: 'Application' Date/Time: 27/07/2015 07:06:27
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: mcGlidHostObj
 
Log: 'Application' Date/Time: 27/07/2015 07:06:26
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: MCESidebarCtrl
 
Log: 'Application' Date/Time: 27/07/2015 07:06:09
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: Microsoft.MediaCenter.iTv.Media
 
Log: 'Application' Date/Time: 27/07/2015 07:06:07
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: Microsoft.MediaCenter.iTv
 
Log: 'Application' Date/Time: 27/07/2015 07:05:28
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: ehshell
 
Log: 'Application' Date/Time: 27/07/2015 07:05:25
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: Microsoft.MediaCenter.Sports
 
Log: 'Application' Date/Time: 27/07/2015 07:05:22
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: Microsoft.MediaCenter.Playback
 
Log: 'Application' Date/Time: 27/07/2015 07:04:46
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: mcepg
 
Log: 'Application' Date/Time: 27/07/2015 07:04:42
Type: Warning Category: 0
Event: 1130 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (2.0.50727.5485) - Version or flavor did not match with repository: ehRecObj
 
Log: 'Application' Date/Time: 27/07/2015 06:45:09
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
 
Log: 'Application' Date/Time: 27/07/2015 06:43:51
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...
 
Log: 'Application' Date/Time: 27/07/2015 06:43:50
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
 
Log: 'Application' Date/Time: 27/07/2015 06:33:44
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=FF8}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: MATT-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
 
Log: 'Application' Date/Time: 27/07/2015 06:33:20
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=FF8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
 
Log: 'Application' Date/Time: 27/07/2015 06:32:19
Type: Warning Category: 0
Event: 0 Source: L
The event description cannot be found.

  • 0

#9
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Matt (administrator) on MATT-PC (27-07-2015 08:23:01)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js [2014-07-08]
FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]
FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF Extension: bestadblocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-16]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]59f58c578.com [not found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-23]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-23]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-23]
CHR Extension: (Avast Online Security) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-07-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 08:18 - 2015-07-27 08:21 - 00005374 _____ C:\VEW.txt
2015-07-27 08:15 - 2015-07-27 08:15 - 00061440 _____ ( ) C:\Users\Matt\Downloads\VEW.exe
2015-07-27 06:29 - 2015-07-27 06:29 - 00000000 _____ C:\Windows\SysWOW64\shoBCB1.tmp
2015-07-27 06:26 - 2015-07-27 06:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-27 03:29 - 2015-01-09 00:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-27 03:29 - 2015-01-09 00:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-27 02:28 - 2015-07-27 02:46 - 00446930 _____ C:\Windows\msxml4-KB973688-enu.LOG
2015-07-27 01:54 - 2015-07-27 02:22 - 00447244 _____ C:\Windows\msxml4-KB954430-enu.LOG
2015-07-27 01:36 - 2015-07-27 01:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-27 01:36 - 2015-07-27 01:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-27 01:36 - 2015-07-27 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-27 01:24 - 2015-05-01 14:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 01:24 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 01:15 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-27 01:15 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-07-27 00:57 - 2015-07-09 18:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 00:57 - 2015-07-09 18:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 00:57 - 2015-07-09 18:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 00:57 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-27 00:57 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-27 00:57 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-27 00:57 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-27 00:57 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-27 00:57 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-27 00:57 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-27 00:57 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-27 00:57 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-27 00:57 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-27 00:57 - 2015-06-03 21:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-07-27 00:57 - 2015-06-03 21:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-27 00:56 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-27 00:56 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-27 00:56 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-27 00:56 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-27 00:56 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-27 00:56 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-27 00:56 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-27 00:56 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-27 00:56 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-27 00:56 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-27 00:56 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-27 00:56 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-27 00:56 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-27 00:56 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-27 00:56 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-27 00:56 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-27 00:56 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-27 00:56 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-27 00:56 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-27 00:56 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-27 00:56 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-27 00:56 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-27 00:56 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-27 00:56 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-27 00:56 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-27 00:56 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-27 00:56 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-27 00:56 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-27 00:56 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-27 00:56 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-27 00:56 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-27 00:56 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-27 00:56 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-27 00:56 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-27 00:56 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-27 00:56 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-27 00:56 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-27 00:56 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-27 00:56 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-27 00:56 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-27 00:56 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-27 00:56 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-27 00:56 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-27 00:56 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-27 00:56 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-27 00:56 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-27 00:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-27 00:56 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-07-27 00:56 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-07-27 00:56 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-07-27 00:56 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-07-27 00:56 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-07-27 00:56 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-07-27 00:56 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-07-27 00:56 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-07-27 00:55 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-27 00:55 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-07-27 00:55 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-07-27 00:54 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-27 00:54 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-27 00:54 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-27 00:54 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-27 00:54 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-27 00:54 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-27 00:54 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-27 00:54 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-27 00:54 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-27 00:54 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-27 00:54 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-27 00:54 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-27 00:54 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-27 00:54 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-27 00:54 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-27 00:52 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-27 00:52 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-27 00:52 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-27 00:52 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-27 00:52 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-27 00:52 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-27 00:52 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-27 00:52 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-27 00:52 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-27 00:52 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-27 00:52 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-27 00:52 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-27 00:51 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-27 00:51 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-27 00:51 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-27 00:51 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-27 00:51 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-27 00:51 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-27 00:51 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-27 00:50 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-27 00:50 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-27 00:50 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-27 00:50 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-27 00:50 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-27 00:50 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-27 00:50 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-27 00:50 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-27 00:50 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-27 00:50 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-27 00:50 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-27 00:50 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-27 00:50 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-27 00:50 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-27 00:50 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-27 00:49 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-27 00:49 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-27 00:49 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-27 00:49 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-27 00:49 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-27 00:49 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-27 00:49 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-27 00:49 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-27 00:49 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-27 00:49 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-27 00:49 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-27 00:49 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-27 00:49 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-27 00:49 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-27 00:49 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-27 00:49 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-27 00:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-07-27 00:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-07-27 00:48 - 2015-06-03 21:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-27 00:48 - 2015-04-08 04:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-27 00:48 - 2015-04-08 04:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-27 00:48 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-27 00:48 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-07-27 00:48 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-07-27 00:48 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-07-27 00:47 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-27 00:47 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-27 00:47 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-27 00:47 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-27 00:47 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-27 00:47 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-27 00:47 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-27 00:47 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-27 00:47 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-27 00:47 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-27 00:47 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-27 00:47 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-27 00:47 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-27 00:47 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-27 00:47 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-27 00:47 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-27 00:47 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-27 00:47 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-27 00:47 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-27 00:47 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-27 00:47 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-27 00:47 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-27 00:47 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-27 00:47 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-27 00:47 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-07-27 00:46 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-27 00:46 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-27 00:46 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-27 00:46 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-27 00:46 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-27 00:46 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-27 00:46 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-27 00:46 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-27 00:46 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-27 00:46 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-27 00:46 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-27 00:46 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-27 00:46 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-27 00:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-27 00:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-07-27 00:46 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-07-27 00:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-07-27 00:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-07-27 00:45 - 2015-04-20 04:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-27 00:45 - 2015-04-20 04:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-27 00:45 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-27 00:45 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-27 00:45 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-27 00:45 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-27 00:45 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-27 00:45 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-27 00:44 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-27 00:44 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-27 00:44 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-27 00:44 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-27 00:44 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-27 00:44 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-27 00:44 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-27 00:44 - 2015-04-13 04:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-27 00:44 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-27 00:44 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-27 00:44 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-27 00:44 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-27 00:44 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-27 00:44 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-27 00:44 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-27 00:44 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-27 00:44 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-27 00:44 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-27 00:44 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-27 00:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-27 00:44 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-27 00:44 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-27 00:44 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-07-27 00:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-07-27 00:44 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-07-27 00:44 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-07-27 00:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-07-27 00:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-07-27 00:44 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-07-27 00:44 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-07-27 00:44 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-07-27 00:44 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-07-27 00:44 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-07-27 00:19 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-27 00:19 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-26 23:41 - 2015-07-26 23:41 - 00000000 _____ C:\Windows\SysWOW64\sho6D72.tmp
2015-07-26 23:23 - 2015-07-27 00:02 - 00039665 _____ C:\Users\Matt\Downloads\Addition.txt
2015-07-26 23:17 - 2015-07-27 08:24 - 00022254 _____ C:\Users\Matt\Downloads\FRST.txt
2015-07-26 23:13 - 2015-07-26 23:13 - 00003886 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.231334.2184.log
2015-07-26 23:04 - 2015-07-26 23:05 - 00021395 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.zip
2015-07-26 23:04 - 2015-07-26 23:05 - 00004948 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.log
2015-07-26 23:04 - 2015-07-26 23:04 - 00260296 _____ (ESET) C:\Users\Matt\Downloads\ESETNecursCleaner.exe
2015-07-26 23:01 - 2015-07-26 23:01 - 02146816 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2015-07-26 22:29 - 2015-07-26 22:29 - 00000000 ____D C:\Users\Matt\AppData\Local\{45081722-89C2-4395-A90C-ACBF05B01658}
2015-07-24 22:24 - 2015-07-27 08:23 - 00000000 ____D C:\FRST
2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt
2015-07-18 22:10 - 2015-07-25 16:23 - 00000000 ____D C:\Users\Matt\AppData\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}
2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}
2015-07-05 00:37 - 2015-07-10 18:32 - 00000000 ____D C:\Users\Matt\AppData\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}
2015-06-28 22:45 - 2015-07-04 07:14 - 00000000 ____D C:\Users\Matt\AppData\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 08:22 - 2014-05-08 21:41 - 00000000 __SHD C:\Users\Matt\AppData\Local\EmieUserList
2015-07-27 08:22 - 2014-05-08 21:41 - 00000000 __SHD C:\Users\Matt\AppData\Local\EmieSiteList
2015-07-27 08:19 - 2015-06-17 19:42 - 01167540 _____ C:\Windows\WindowsUpdate.log
2015-07-27 07:42 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 07:42 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 07:33 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing
2015-07-27 07:31 - 2015-04-18 01:47 - 00001816 _____ C:\Windows\setupact.log
2015-07-27 07:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 07:05 - 2015-04-18 01:46 - 00361930 _____ C:\Windows\PFRO.log
2015-07-27 06:58 - 2015-04-14 22:02 - 00000000 ____D C:\Program Files (x86)\SaleePPlus
2015-07-27 06:40 - 2009-07-14 06:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 06:40 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-27 06:31 - 2009-07-14 05:45 - 00410928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 06:26 - 2014-05-06 20:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 06:26 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-27 04:01 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 03:18 - 2011-05-10 20:23 - 00791792 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-27 03:18 - 2011-05-10 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-07-27 03:09 - 2011-05-17 15:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-27 01:36 - 2011-03-10 21:28 - 00000000 ____D C:\ProgramData\Skype
2015-07-27 01:11 - 2013-08-17 06:26 - 00000000 ____D C:\Windows\system32\MRT
2015-07-26 23:25 - 2011-09-18 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 23:08 - 2011-05-16 12:48 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-07-24 23:04 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 23:04 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-24 23:04 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx
2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-11 09:00 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing
2015-07-03 08:43 - 2011-03-07 22:52 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-07-08 22:07 - 2014-07-08 22:08 - 0001256 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log
2014-07-08 22:07 - 2014-07-08 22:08 - 0009027 _____ () C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log
2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png
2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache
2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache
2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache
2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-07-27 05:12
 
==================== End of log ============================

  • 0

#10
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Additions Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Matt at 2015-07-27 08:25:54
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1492825921-750369754-554371985-500 - Administrator - Disabled)
Guest (S-1-5-21-1492825921-750369754-554371985-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1492825921-750369754-554371985-1002 - Limited - Enabled)
Jo (S-1-5-21-1492825921-750369754-554371985-1003 - Administrator - Enabled) => C:\Users\Jo
Matt (S-1-5-21-1492825921-750369754-554371985-1001 - Administrator - Enabled) => C:\Users\Matt
Mcx1-MATT-PC (S-1-5-21-1492825921-750369754-554371985-1004 - Limited - Enabled) => C:\Users\Mcx1-MATT-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.194.1021 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.194.1021 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BallerMarkup (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a24fdd4d}) (Version:  - BallerMarkup) <==== ATTENTION
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.0 - )
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Celestix HOTPin Client 1.1 for Windows (HKLM-x32\...\{E74A64C6-F1A0-4729-B0B5-273471E81105}) (Version: 1.01.0000 - Celestix Networks, Inc.)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LG PC Suite III (HKLM-x32\...\{C0E18DC4-C74A-4889-AE3A-933471023787}) (Version: 1.0.0.0 - LG Electronics)
LG PC Suite III (x32 Version: 1.0.0.0 - LG Electronics) Hidden
LG USB Modem Drivers (HKLM-x32\...\{FA02ACAC-9E14-4878-A257-92A22A647C2C}) (Version: 4.9.4 - LG Electronics)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
Mozilla Firefox 10.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 10.0.2 (x86 en-GB)) (Version: 10.0.2 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\MyFreeCodec) (Version:  - )
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-06-2015 07:35:01 Scheduled Checkpoint
27-07-2015 00:59:01 Windows Update
27-07-2015 06:55:24 Removed Java™ 6 Update 26
27-07-2015 06:59:57 Removed Bonjour
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-04-18 00:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07C5F1A7-B854-4AF5-B35F-768513EBAA39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {34B9B85F-38EA-480F-B9AE-7B5BC218884C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {61BCD03D-7D1E-493D-8F18-A0DB53330E9D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {62B1784B-E682-42A9-8E76-5E341EACF4C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {6A4CADA4-F5DE-4105-912A-7D052B79AEBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {95F8F8F1-96B6-4DC0-91D5-032998B9D8F4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AB40CABE-83EE-42B4-9085-C5098D4FEF40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D498279E-BBC3-4330-B02A-7F3532CD68F4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E20D84A3-0BFC-4517-A56B-0F33EBB37F0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E7F25E9D-5410-4311-BDB9-0111B64E1D62} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATT-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {FC3A4E01-D105-4779-A08B-54C04DCDE2B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-12-04 06:24 - 2010-12-04 06:24 - 00206208 _____ () C:\Windows\PLFSetI.exe
2015-04-18 20:51 - 2015-04-18 20:51 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-18 20:51 - 2015-04-18 20:51 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-26 23:14 - 2015-07-26 23:14 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072501\algo.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-18 00:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-18 00:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-18 00:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-18 00:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-18 00:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2015-04-18 20:51 - 2015-04-18 20:51 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-27 04:00 - 2015-07-23 23:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-27 04:00 - 2015-07-23 23:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
2015-07-27 07:13 - 2015-07-27 07:13 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-07-27 04:00 - 2015-07-23 23:39 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F4C0BA75-6C35-485E-9FE2-064F7F730F0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{60B083C3-3B8C-4269-A541-4124472619B1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6283E75F-40CB-404C-AB57-53A6DBDF2513}] => (Allow) svchost.exe
FirewallRules: [{416B6D9F-EF9B-4226-A373-1746B0D6DE39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{762CC632-91BB-4DFD-B9BB-6E8404C6CB63}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{11E45FA5-D4CF-406A-BFFB-93DE09ECB5A4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{4AD1E25D-E860-46CB-A828-1528DE8FDEA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2F3FD173-C279-4FD8-BFA4-C2B94527ACC9}] => (Allow) LPort=2869
FirewallRules: [{EB8B7112-5EB8-49C6-A27E-D5E6A3C7C618}] => (Allow) LPort=1900
FirewallRules: [{63FA221D-A17D-49C2-AE78-41F0A3FD3123}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C2A4D703-A2F6-4060-9218-5DBDA438D592}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D6ED9204-65DA-40F9-9539-E3A1994C0FDF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{A8AD10C7-0404-4442-ACBF-3028A4A9A3B2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{178591AB-98F4-4EFC-9D84-372B37C41523}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6C717DC4-10F1-44FE-ADB6-C473E0378738}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{861257E8-77DD-4882-99F0-5E15E5DD8E40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{0E825599-375D-4975-9075-957DE6C19892}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9C3E94EE-2ED8-4C19-916D-A2203EB51493}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2015 07:47:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Matt-PC)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
 
System errors:
=============
 
Microsoft Office:
=========================
 
CodeIntegrity Error:
===================================
  Date: 2014-08-25 10:54:50.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\345e40e9.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-25 10:54:50.242
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\345e40e9.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:07.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:07.760
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:05.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:05.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:02.717
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:25:02.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:24:59.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-15 09:24:59.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 59%
Total physical RAM: 3766.71 MB
Available physical RAM: 1543.43 MB
Total Virtual: 7531.63 MB
Available Virtual: 5034.79 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:452.66 GB) (Free:205.11 GB) NTFS
Drive d: (My Disc) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01EF3CC9)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
Thanks in advance for your feedback.
 
Anti Virus real time protection and Windows updates are back working again.  When you have finished with your guidance I will run a full system scan to remove any other bits that may be lurking.  Downloaded 106 updates last night which had built up on Windows Update so hopefully system is a bit more up to date now.  Everything looking a bit better now?
 
The only thing is I ran the Vino Rosso app as administrator but from the 'Downloads' file it automatically downloaded to instead of desktop as you originally stated.  Does this matter?  If it does I can re save it to desktop and re-run it.  Please let me know.
 
Thanks,
 
Matt

  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I need to run another fixlist to clean up some stuff the malware left and to get rid of some remnants.  When you let Spybot Immunize your system it put a bunch of entries in the hosts file.  This is no longer a good idea as it slows down the networking so I am going to clean up the hosts file. 

 

Download the attached fixlist.txt to the same location as FRST

 

Run FRST and press Fix
A fix log will be generated please post that. 

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

 

How is it running now?

 

Tonight while you sleep let Avast do a boot-time scan.  This can take 6 hours or more.

 

How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file so: Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button

If you can't find it then take a screen shot of the Detailed Report:


  • 0

#12
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Firstly, here is my log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Matt at 2015-07-27 20:25:04 Run:3
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt & Jo (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=GB&unqvl=86
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1492825921-750369754-554371985-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF SearchPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml [2014-07-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml [2014-07-08]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]59f58c578.com [not found]
2015-07-27 06:58 - 2015-04-14 22:02 - 00000000 ____D C:\Program Files (x86)\SaleePPlus
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Task: {34B9B85F-38EA-480F-B9AE-7B5BC218884C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
c:\Windows\System32\drivers\345e40e9.sys
Hosts:
EmptyTemp:
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
 
*****************
 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HKU\S-1-5-21-1492825921-750369754-554371985-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1492825921-750369754-554371985-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml => moved successfully.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] not found.
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]59f58c578.com not found.
C:\Program Files (x86)\SaleePPlus => moved successfully.
C:\ProgramData\FullRemove.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34B9B85F-38EA-480F-B9AE-7B5BC218884C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B9B85F-38EA-480F-B9AE-7B5BC218884C}" => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => key removed successfully
"c:\Windows\System32\drivers\345e40e9.sys" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
 
The operation completed successfully.
EmptyTemp: => 94.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:25:21 ====

  • 0

#13
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Just run Adw:

 

# AdwCleaner v4.208 - Logfile created 27/07/2015 at 20:48:47
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\9943762067129354534
Folder Deleted : C:\ProgramData\{30f50f1f-a4eb-f856-30f5-50f1fa4e3c7e}
Folder Deleted : C:\ProgramData\{77108479-e417-18d9-7710-08479e4111e7}
Folder Deleted : C:\ProgramData\{9de4b6b3-7c41-a9e2-9de4-4b6b37c4dacd}
Folder Deleted : C:\ProgramData\{bcb3b307-2068-7e88-bcb3-3b307206cc1c}
Folder Deleted : C:\ProgramData\{f16dc5e1-4f85-bbe0-f16d-dc5e14f81785}
Folder Deleted : C:\Program Files (x86)\48 dresses
Folder Deleted : C:\Program Files (x86)\bestadblocker
Folder Deleted : C:\Program Files (x86)\myselfcoupon
Folder Deleted : C:\Program Files (x86)\SAlePlluis
Folder Deleted : C:\Program Files (x86)\SalePlus
Folder Deleted : C:\Program Files (x86)\SalePluus
Folder Deleted : C:\Program Files (x86)\SAlePPlus
Folder Deleted : C:\Users\Jo\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Jo\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\Matt\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Matt\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\hjhvbblj.default\Extensions\[email protected]
Folder Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\hjhvbblj.default\Extensions\[email protected]
Folder Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\hjhvbblj.default\Extensions\[email protected]
Folder Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected]
Folder Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\hjhvbblj.default\Extensions\[email protected]
Folder Deleted : C:\Users\Jo\AppData\Roaming\Mozilla\Firefox\Profiles\hjhvbblj.default\Extensions\[email protected]
Folder Deleted : C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmnfpmhdanicbahccgohnanecaphfmb
Folder Deleted : C:\ProgramData\ajdiokbhhfonncfkmjkonaamdibbagek
Folder Deleted : C:\ProgramData\blnbmpgblhpcileggadikncghfmhnplb
Folder Deleted : C:\ProgramData\ibfnkhodkfaidhjeoklolenjppolhdfm
Folder Deleted : C:\ProgramData\lhocokdkcbekdkfilpdgjdeilaoafblh
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mkbhbgeekdjepnnknnbmpnkidcifbfof_0
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkbhbgeekdjepnnknnbmpnkidcifbfof
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Matt\AppData\Roaming\Bubble Dock.boostrap.log
File Deleted : C:\Users\Matt\AppData\Roaming\Bubble Dock.installation.log
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\invalidprefs.js
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\user.js
File Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\cc4f778b-d5e1-b836-e117-3a7d343d175f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{a24fdd4d}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836656}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4D1C553-99C0-48E5-B0A7-B1E00163715C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836656}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17909
 
 
-\\ Mozilla Firefox v10.0.2 (en-GB)
 
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.goodforsearch.info/?pid=24378&r=2015/04/14&hid=12167683721929896878&lg=EN&cc=GB&unqvl=86&l=1&q=");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.goodforsearch.info/?pid=24378&r=2015/04/14&hid=12167683721929896878&lg=EN&cc=GB&unqvl=86");
[hjhvbblj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.goodforsearch.info/?pid=24378&r=2015/04/14&hid=12167683721929896878&lg=EN&cc=GB&unqvl=86&l=1&q=");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.EQEYwyn4renMjmYd.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjsFqTC7pdr6rTw4rTU5pjg5qHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.GMZX3MjXiQI0WN0U.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjsFqTC7pdr6rTw4rTU5pjg5qHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.HGFfTC9CokLA9GGQ.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjsFqTC7pdr6rTw4rTU5pjg5qHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.O3ruNXhtSaGUlLJg.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjsFqTC7pdr6rTw4rTU5pjg5qHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.TlXVo0iH7LneuHdw.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjsFqTC7pdr6rTw4rTU5pjg5qHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.58356.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.admin", false);
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.dfltLng", "en");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.id", "f47f729c0000000000005cac4c3259f8");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.instlDay", "16259");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.newTab", false);
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=F47F5CAC4C3259F8&affID=128518&tsp=5302");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=F47F5CAC4C3259F8&affID=128518&tsp=5302");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.722:12:35");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[33xeebnx.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14b04889e6864552da08999957d9f96b");
 
-\\ Google Chrome v44.0.2403.107
 
[C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.goodforsearch.info/?l=1&q={searchTerms}&pid=24378&r=2015/04/14&hid=12167683721929896878&lg=EN&cc=GB&unqvl=86
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.buenosearch.com/?babsrc=SP_kms&tt=na&mntrId=0cbb7eae24e1200e900b8fa33c549616&affID=128518&tsp=5302&q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F47F5CAC4C3259F8&affID=121240&tt=070813_wc2&tsp=4970
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=ds&ts=1404853674&from=epom1&uid=WDCXWD5000BEVT-22A0RT0_WD-WX81C90D3076D3076&i=psd&t=3455ba8a6&q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F47F5CAC4C3259F8&affID=128518&tsp=5302
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.buenosearch.com/?babsrc=HP_kms&tt=na&mntrId=0cbb7eae24e1200e900b8fa33c549616&affID=128518&tsp=5302
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : CD155685B54F83B5C267259552E2E5FEFD4AEEF1A6F61A4AF3B794A69F4B63B7"},"software_reporter":{"prompt_reason":"07DEA8261E769084385BBCC07B59C4036D154D470F646DFDA0BEC07FE982CE6E","prompt_seed":"BCBFCD192FC5D2C4FE57C036035BF625170D2270021A9DB72E30BF46710C47D7","prompt_version":"F054990F57EC37272074930C339D47E63E27C85D0DA63E02ECD6AFFA97D9FFA0"},"sync":{"remaining_rollback_tries":"5388C51B315C9A267C9F176A940EBCEA4D35E5A12DAD137473684EF7B84C131D"}},"super_mac":"850EED201AAF6D8F7FF77D5A380B05C1C24E73F6217D41382D64619B6102A596"},"safebrowsing":{"incidents_sent":{"6":{"domain_request_incident":"42"}}},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.buenosearch.com/?babsrc=HP_kms&tt=na&mntrId=0cbb7eae24e1200e900b8fa33c549616&affID=128518&tsp=5302
 
*************************
 
AdwCleaner[R0].txt - [24746 bytes] - [18/04/2015 00:18:58]
AdwCleaner[R1].txt - [16125 bytes] - [27/07/2015 20:42:51]
AdwCleaner[S0].txt - [16245 bytes] - [27/07/2015 20:48:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16305  bytes] ##########
 

  • 0

#14
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by Matt on 27/07/2015 at 21:18:57.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544834456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544834456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544834456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544834456}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys
Successfully deleted: [File] C:\Windows\SysWOW64\sho6D72.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoBCB1.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\shoEEAE.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0127CA6B-D9E7-4893-A0D6-F46B5A1A9030}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{01B5C1DF-09CC-4CC8-AA8A-BD63746707B6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{03928157-1C6A-4ABE-B5E2-F579357B9192}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{04440C4F-986F-403F-A4B7-A4DAFF4B3B36}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0469B58A-279D-4907-A080-C122382257F2}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{04F59E6B-A0CB-436F-9BE9-7A4E012AB5A3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{05946F80-2D46-4C2E-B2F8-D35FC318AF36}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0601E861-E2FA-46C9-B979-00760F92DEDC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{067CE273-97EA-493F-AD3D-C17E6A362186}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{079565AF-AF8E-4AE5-A32B-F485205F8B72}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{07CDDF10-E202-4F72-BBD6-ED6D053CC8D3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0837EC1A-8194-4A6E-B586-AF5984B25729}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0880CBCA-FC4C-414C-9D74-4C0FD18683AF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{08F3CE30-65D7-4B72-8928-2F33C4EA3EE1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{090D2013-DDEA-41D9-918E-3422C0CF2BDD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0A1F5682-0D97-4F65-BC70-B3529C38E7D2}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0BBD2596-6711-4A44-9CB9-E787650476AF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0C20626D-2463-4993-BD76-116DB12F589D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0C84266D-637B-4A89-AB34-D26DD8B413E9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0C8DDF11-3875-4181-99F2-16332EA704B5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0CAB806B-24A8-46B3-A241-2121D73F058B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0DA9742A-ECBE-4A67-BFFF-B0AE3D7F13C5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0DF1AFDD-F3B0-4BCF-A2C7-C825831A57D1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0E5719BA-A3B8-4FDF-9B4E-48D09A1C4661}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0E62D437-0CE8-4515-8A5B-F9C2CCFF9B9D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0E732A2D-82ED-41C6-95AC-3EA716153F8C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0F193F2C-A8D7-4564-8ED0-8B67D9E46388}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{0FB46628-48A9-4004-83B4-D430939C7894}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{102EAB88-E473-447A-A3CB-291271236BBA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{10930EC9-1A25-4D4E-AE6A-0E78E844F5C4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{10EEE02D-75FD-4D02-A3AD-E00955A947D1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{131ABD95-F3CF-4358-B15D-4DF251EF85BF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{139C245D-7C2C-4D84-A5EC-EC6DC6252DEF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{14827D8F-077A-4CD6-824C-20C64F528FFB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{153873F6-8E08-4FE6-A698-85B7BD55B145}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1592718D-383A-48B5-AB9C-FD97F1B6F5D3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{15BD622A-A7D6-4D94-8C87-F91D6CB209C9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{166487BC-70A0-480E-9125-75D02BB2D47A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{16FC58C3-5B26-4BDC-A91A-2758273D6F9F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1716CBC3-D302-4AC8-8760-D4C5CF63F77F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1795FE5E-047F-45FF-8997-30EBB543DEB5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1A4D35E6-811E-4FDE-B429-0773787EAFAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1AB45447-2326-48AF-AE53-20E5DAB35AB6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1AFDB2BF-1284-4056-ADBF-346E2137FCE8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1B638537-EE2F-4A30-B44C-2A9CE559B0B9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{1E6C12A1-FB64-4886-97F1-B8DD51AE5827}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{21D87206-F687-466E-9AFF-D2FDF0CB6C53}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{229CE3F7-9B14-452B-B2B0-F9EA1E3001CB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{230DDF4C-4418-4351-8770-586F3FEBCB5B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{23FDE85E-D55D-4985-B071-73F6C0B00601}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{24D9A33C-7156-457B-96D3-2F32F6D7CDEE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{25C28496-9156-49E0-B55E-E46FB6332087}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{273F4760-3105-46FE-9F60-7FB0FA96E33C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{28141FE5-44F3-4931-ADAA-07B5B6F55517}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{28F8B4BC-428A-413E-B883-387C83536EB5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{293B776B-7340-46E8-806B-F65E7B244ABC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2A2B222C-2986-4E11-B018-CDBEE55FA97D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2A8F2E4B-2B45-4990-9B81-A54AB7212B64}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2BA43A19-B32C-4ABC-B46E-98683C5E632F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2DA521F9-F468-44B9-85AC-AD7377A8BE35}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2DBA870F-9A4E-4733-B606-A8AC5B0DB7FA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2E965B0A-65E8-4FE3-A9AB-5F8799B0328E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2EEAA159-1980-4992-994F-C3F42631F25E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{2EFB287A-1B8F-4CE4-85A3-43C4D75545F4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{31904CB4-8AA9-4B97-8524-1DC30EB34604}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3290E3ED-51B3-444B-A0F8-2E7BD844D28D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3315E712-07E1-49DD-9182-2F62CE401536}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{337286CD-2C5C-44DE-B218-5E3F08CDB506}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{340BA8AC-C86D-4C6B-8A8A-DA32327FCC20}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{35B5209A-94F1-45AE-A560-6BF71FB7AABD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{366AF883-E4CB-4863-AE90-BA3AFFA3E2A8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3681408A-11E9-4C80-B96D-C143F48E708D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{36B2FC6A-4013-4A96-9623-646EED2B1FEF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{377B7C4E-066F-40E0-B6FC-136A56F49BBA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{37EEB2D2-E45D-46B1-B01E-6454E385FE5B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{38FB72C0-4CF9-43C6-941F-E335AFB2D023}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{396794EF-E35F-4E47-AC2C-278E0A63C9FF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{39D2D94D-E307-4460-9025-8A34247696E7}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3A01D4BC-1981-421A-8327-BE146A634976}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3AF57F95-967B-41A4-8CE1-032A47622CAD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3B94E300-5027-4362-B079-FB881E5D1689}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3C5B6320-EB5A-456E-A617-775E2DE68203}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3D21C7B7-5215-41C0-8305-C188B0FC082E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3E8E504B-07DC-4A70-B866-6C876A8DAAC9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{3E9FC452-3EB1-410D-BC3B-042179997DFE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{411BEC0F-F88E-48C2-84F7-1299BC77DA68}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{41897A45-CE19-4E19-8E11-765591C483AE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{418C69AD-1D59-468F-B313-A7C9281E5C6A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{41F3DCA3-36A8-444C-9C5D-8A2F59379A06}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{42326BA1-FB34-48A8-9D56-E56F9DBCFDAC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4250F985-24FB-44A8-BA5B-76E41736FCAA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{440F1AD0-D84F-4C6F-8E5B-EC687E1EC33C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{45081722-89C2-4395-A90C-ACBF05B01658}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{45F0D916-A8AE-4064-B9A4-FEB4C117B754}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{47411630-FE27-4EF3-A555-F771B2DB4BCC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{47455FDE-A2AD-4E66-82D9-1349C3CE6B42}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4873FD9F-6AA4-4361-93AD-BDD586BF302D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4885BB95-E86A-4531-BE95-1D864299979D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{48ABC2E5-75A2-48B8-90AC-8C510FAEA493}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{48B27844-137A-4FC8-A209-A4B0388A9611}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{48B5C450-1C2B-4449-8AEE-1B7615595649}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{49FE7946-A7FF-4173-9132-316598B3AAE2}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4A3CA8DA-F274-4B7B-B149-F468AE79C5EE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4B5D3B99-D46C-4926-81B2-74A62C4D09DA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4BD7BD96-BA6E-4D4F-B03A-257A1F7016C1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4D1D5BBA-E0A8-4B58-AAD0-97CD872DC450}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4D86A312-C971-4C77-969D-78B4D612A0EB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4DD20C48-B6A7-4AB9-AE62-11B0172378FF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4E2A3A05-547D-4C23-8189-7E486E7C619A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4E512026-F5B2-4121-A516-066EAD145F6F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4E5E5F08-231A-40A3-87A9-4264931878C9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4E72E53B-7EE6-4F32-BA97-EF4EE0EB5698}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{4F2C4AB1-C04E-4D71-8F93-28BC8B2DEC52}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{508D47C3-962A-4F98-BC3D-F66E5ED91239}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{51C4D629-B4C0-4317-8BB9-85483456D2F1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{540DEE54-1387-4030-B487-5418B5D0C562}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{548B7C9F-8656-454E-9092-E71B23232254}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{54CA6FF4-E710-4DCA-9181-D804D18DEA71}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{55016AD9-12F4-40E8-9CA5-359BCEB0792A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{56FF3C2D-CA82-4789-9BB7-A544C066435B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{58465D74-89FA-4EEA-A948-A12FAE326882}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{588A1E82-357F-4DED-A815-C73698747FAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{592CD8F6-306C-4854-88E7-6000C7F3EFAD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5AC4051D-1FB3-4E01-97C5-1073BB554538}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5BF41FB5-4AD8-4DCA-8CED-11D8C6B793B8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5CCA622C-31D6-461D-A930-14D022D21884}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5D7F24FF-C808-4A16-BA7B-230E40D47BB4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5D9E31CE-3EA2-4304-8589-788F67C23446}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5DBB3D7E-3781-46BB-BA86-0DBA83B4FEC9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5E026273-83F4-4845-8D5C-2A80F01EFB48}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5E8264E1-D82C-4628-A670-2955C55D7FB0}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5FCC129A-C67B-4853-A303-C587992023FD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5FDEF29F-F4A8-4D6E-A78E-E405DDD4C0D9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{5FED8098-E712-4A56-98DE-A470CCDCCB98}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6043B1FF-9557-48F0-B4EB-6F7F962B69C1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{606C51F9-410E-443A-9965-C8F2C155461E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6177FBA1-18FD-4F54-AC2C-E75AB1CF0A03}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{62B301CC-F09F-4225-BF3C-8026B1D2C949}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{631770A3-A51D-4354-9C12-5E0266C474F6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{63197C01-4716-45E7-9FFA-8EB7CC9AD422}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6462CDA9-AF23-4F82-B1A0-79723570DF92}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{64B767DB-CC01-44EB-A685-9768C88175C0}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{664B664E-B281-49EE-A12C-3AB43AE8A4CC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{66DDA454-A1F7-4E45-9068-698C85E4669F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{66E69FCD-95EF-4ADE-B6C5-9089D51212E4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{674619B0-65D1-4BF8-B310-A6FD9ACDDCD6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{67FD323F-8135-408E-ACCD-2C3B2FA1ECD6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6825B808-92C0-4CB4-8CD8-ED08D6A4857F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{682CEC3F-A28F-4E98-8A9D-872885F545B9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{68E6A6E6-A182-481F-BAC9-BF3D74D9EF92}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{69911CBD-8188-4023-8BDA-676E21BC21D3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6A0BA523-11BB-475C-B7A0-7AC22C256C6E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6A6AAD3F-D4FA-4534-BA9F-47A3257CAD0A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6AC499EF-9CCF-434E-95D7-64754DC6424E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6B528C8F-7C3E-489D-BEA3-7A76A2512EF0}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6C4554B8-2AB3-4214-9966-E5936D5203CA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6C994722-4F16-4C19-8228-4C1127493477}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6C99FD33-D0DF-440E-8CA1-93A23660B0B9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6DA21EDA-372B-4215-9321-BF625D47FD57}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{6E2D4B9A-B190-4319-92EF-0E13D564AFB0}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{718D4479-0C1C-4914-802B-C24F350045FD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{71B75F2A-3C28-46A8-AC6F-455E6EE144C5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{73676BCA-E7B6-4681-BB66-7BAB1868FF55}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7373636A-F037-40F3-889D-1B664C95A4DF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{747D6E85-59AE-4EF7-85BD-FC6A3840FF54}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7509E400-C41C-45C2-B41D-53DBB9185338}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{759ED8DA-40F2-4BC1-B407-947F83E1501F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{75E83422-2DDB-441D-83F0-44A86EDA949A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{75FCC47C-3FE5-4834-839E-0FFA74DA0214}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7617DBED-00C9-4AD0-9EDE-395FE3AB5B2A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7871FDDA-9E58-4AEB-A26B-6A9DA4174533}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{793AD6DB-C806-4539-8DFF-E96B2A906947}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7943B2A3-4CE2-4DAA-8D79-931013F420A9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7A2B8AF5-CA68-4359-BEDA-943F4F1659D8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7A52526C-4BE4-4649-9F48-6380220A3263}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7B493C93-D59A-42CF-A845-48EBA182406C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7B5743F1-DD85-417F-822E-7D96C6534E67}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7BF428CB-43C3-4B12-8553-5D7B535EAEB8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7C08CA6E-41E2-4DA2-AC54-C36A60735768}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7D855035-E6AD-41C6-BA2D-92802B3A9AEB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7DCB02A6-36CE-404C-9A6B-800067ACFBFC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7E6FAD54-16D7-4F3A-A0E3-7C90A727AF3D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{7ED1650F-EE7C-400F-A1D8-52007A4754D4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{80051ABF-9034-4339-8F0C-A60830A7542A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{804A2C10-A637-45FC-A0D6-17846CF652A6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{810D02D0-6928-417D-99C6-2CC0B58268BF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{81FFEFCF-EE28-43DB-89C2-720E7AA7BEB0}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{835D07FB-876C-4B0B-8B61-5AC460F10F50}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{842B8A5E-32A7-4424-B8E1-B863B898732A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8540DD2C-05F7-4806-B1AF-12653FEFE644}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{85CE7BBF-F01F-4E8D-8DF5-E3A0D663C42E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{85FEA7D3-7D19-472E-BA10-AD9D3AF6CA9E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8612DB1B-5243-4B64-91F7-2A7325A2D05F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{872FD2F4-720D-422A-AE7F-92549DB2E1B4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8810D0AD-BE20-4F88-997A-3269BB4F7C4B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{885964A7-97B0-4D22-8DC7-DD5B7FBE4182}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{88BE61B5-1317-4335-8C22-8FBA987D7B5B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{88E65029-0A6B-4700-91A3-5A955EA6CF4B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{892CD9D1-E484-4899-8D75-B75F4541C6A3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8A34C25F-7456-407F-B924-0B08612E7A25}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8ACC247A-D0F2-4EAB-A5B1-3C924F500B21}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8ACDE15D-EFE3-467C-8413-0D669CD26013}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8C5152F8-A72F-4F07-90F0-FAC39D903CEC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8CE9F37F-32CB-43AF-BCA9-921EF1BCE6A6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8DBE59D3-EB89-4816-84A3-293F90FA932F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8E667D78-556F-4C5F-8F1A-18A1FEB9FB19}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8E9E3066-42CD-4D16-8132-71107AEA5E65}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{8EF5C7DF-2FC9-4B5D-BD6A-75ABF25B8234}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9013C8C5-32D1-4527-AB27-B621CD3D325D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{90616F1A-16B1-41EE-95BA-41E17BB9DB8D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{90A6705E-7FD1-467E-B840-D48A943447DA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{90C5623E-0477-4573-A0F7-402F500997C7}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{90E9AEF8-F2D7-4364-BA73-FABD4257062E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9120965B-B824-49D2-B5A3-A790E74894EF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{91BA31D3-7766-4C98-9823-E13477AB1DA2}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{92F4B9CC-134B-4167-ADB4-3FEFA3774C07}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9328AE2F-BD6E-46C2-88BA-96CDCD999C69}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{94828ACF-6BBD-4CAE-9C7E-44EBE6682F77}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{948380B5-7DB8-44FC-8730-1DBACB44A427}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{949AE897-39ED-43B7-8B3C-D2E73A3A1683}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{94D2036E-6B4C-4B70-8422-2B65228D58D8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{94DEEC7F-8D05-4FA1-A1E1-14C8BAC27D81}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{951DCBD2-022B-4AA8-AB7F-AB4866BF4014}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{960189CC-CA92-4071-8D37-4B1B134B2E92}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9790A40F-53C9-4097-861A-86276FEB2202}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{97A9C787-FE6F-465E-B182-9C54221C662A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{97ECDE8D-38A2-4130-9F53-82F79FF1802A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{97F57BC0-DAE9-4B03-8B91-548879B00496}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9870D95F-9748-4450-AE22-F1534EC56494}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{995599A6-9D78-41F1-9236-0BC963658026}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9A201A4A-9777-4678-9D4F-CEDEF6F52BC1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9C79ED7F-5AB4-433F-ADE6-E6BA89C0D383}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9D29B8E0-3622-4764-A590-73E719D21DCF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{9FBA4359-E1D9-46DF-8362-965617657CD9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A0387E6E-80C2-4632-90A7-E34C61B79888}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A0F65AB8-27E2-4A08-8E7C-CE921F8923FC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A190DC2A-3DB6-4CB7-AFD2-47BFA9939708}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A1F0FF08-91A8-4FE2-A17A-ECF4DC13C888}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A2174A5D-CBE9-4AF7-AC78-1753590D05BA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A22F2E65-4260-4EC5-9B62-6F5505D215B4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A23F898A-C63C-4CFC-A7DB-19CE444D1926}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A27A0154-A029-4757-AB0E-9B6342BE4125}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A48A064E-B038-455F-B8AB-2E9DDAF62E86}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A4DA0E8A-70D8-41E1-A349-0FB14715804F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A64438CC-A61E-436D-8998-41D360D7F41D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A6F2D28C-4259-4691-A933-9B1BC68E2215}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A71BABA9-ECC5-4E38-BDDC-8A8DCFEA4D00}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A7A0721E-B501-4329-A152-A384F5698FA1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A7D39889-DA9D-41EC-B397-850709416889}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A7F658D8-D815-4FA3-9740-3A88C44413B9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A909868D-1097-4956-BFE0-B3ADB75669C5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{A956FD57-3000-431B-AFD0-7ABDA4AE0027}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AA0D7049-F7EF-48C6-983C-D59B9FA0A7F5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AAFDAE29-283D-4F7D-8FBB-6DE57F562BC5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AB8DC5D1-5BC2-4344-BCD3-EF158B2DA7BC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{ABB7A02D-A355-46E2-AA05-DC208599607F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AC5F3E88-803D-4A6E-8C7A-BCAC33672F64}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AC848ADD-9291-4E78-A113-93E081A2F87C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{ADAC4BD7-077A-4387-AE06-B4E280305604}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{AF14753A-D933-4377-B0D3-0E0718943F04}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B00DB96D-0AA2-4E3C-B6F6-1D9BF3E776AF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B0BF9E1B-3BD9-4600-B62D-7FA16D231845}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B13D03F4-9743-48F9-8E48-113176D6F9BC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B1438B1D-4C15-44FD-A4D6-9C61E34589B7}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B1505115-B9D5-47F2-BC51-B4733827705E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B17762AE-BA39-4EBA-893A-997979F7790A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B1A99F6D-9983-47FC-A85A-0482D1ED8974}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B2546232-9EE2-467B-A350-9E84B5104180}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B33EC851-1304-48E8-87A2-33CBFF8C3FEE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B34F4C7E-DBE8-4861-91A4-2B4BA8F5ABDB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B36A7778-7531-4A18-B930-F710C79E0F1D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B5C67EAC-E1E5-4670-92AB-65ACB562B748}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B5E99F07-D4D9-437C-B2FC-98E5E7000FDC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B60E061B-5EBD-4798-B3B2-82A4CCAA81C4}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B704BA91-9AC2-4FCC-95CF-7116B0B4F358}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B756B958-A229-46EE-BDAB-F1051965A34F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B7C56F41-8A94-4744-95E0-DC42F1F16465}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B821C7F3-F64D-474A-90EF-6862F470E4CC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B8D57B7F-7FC2-44E9-8D98-7C4191F262A9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{B8F371A4-5DEE-42DA-A557-EC3F8F27B27C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BBDD9854-A402-423F-9BA7-C335403FA93F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BC9EF1FE-836E-4015-A20D-C597CD89514E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BE474EBC-4B6E-471A-9644-6A0A1E26F1C9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BEE75D9C-B016-4199-812F-B611CCA0367D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BFA25E72-F656-4463-AC03-BA0573615B79}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BFE18280-FE79-4F07-B9E4-6AD231252FEC}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{BFE39770-828D-4EBF-91FF-54275A2821BB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C134D7DA-4AC7-42EE-87A2-21D5F1E0A6AB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C26EB048-BF86-4AD7-9D4D-1E74A42E66AF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C2AD1C75-550D-4056-BCE6-3B964BC9387E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C3597917-7A59-4131-B6E8-9F5B22C89706}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C3921BF5-3743-415F-B13C-D4B034F04C91}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C67BF44C-1A94-4DDF-95AA-A33B4E070214}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C6D35333-5A4E-4D1D-9BDC-F9E41D94954E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C6D99743-0BE9-478D-8E9B-16828492423A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C77CDB0E-2077-4A01-8197-8F195C5463AA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C830E7A7-5B76-4502-A0CE-AB0F47A26D46}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{C8775CD8-014B-402C-AF69-489FBDBFE349}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CA2BBBAF-A058-4776-BCF4-40267E06725B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CA7CA538-0B72-4E23-A408-3C660AAEA77A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CB362CF5-06E0-487F-A49E-D7C8F7C8DC2F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CB6F37E5-6AB0-4368-94EB-EA20AF1E2935}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CC35D163-B557-4B60-9C1A-0782B3CFB0A1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{CF8519E4-B284-4FFE-BAB7-F0B42F38760E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D03AF065-15FA-4BE7-900C-665A0A622209}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D0539508-FE1C-446A-A04F-52F203A48399}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D0592CE9-95A5-41F0-AB76-AF17653C78CB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D1990837-7190-4E1B-949B-F5E798A84026}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D39085ED-5820-42FC-97E8-E3FC3042AE28}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D3F77336-DCA7-4B22-95F4-A53081089137}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D4248560-4747-4412-83A4-C46EBBC01FEB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D49B6B51-00BB-4B0D-BDA8-A92923FE9F22}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D5065624-9276-46D2-B2FC-2DF46599014E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D50736C1-F723-4393-9A91-7749F119BB7E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D60CA3DC-F9D7-4165-8B04-40E891491CB8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D63A778A-5043-491A-B776-ADDDED226914}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D6CCA79C-E4B2-477D-9404-CB5457455759}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D71F66B8-860E-48A8-BD1C-7B844E441B99}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D8323B86-FD78-4056-BF9C-522B328876B1}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{D9CCBB42-AF93-4193-BCB1-D2CBA75005F6}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DA5F34B3-864D-47E1-9854-5567AE3110B5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DA69AE6B-2597-40AF-9123-972E7246E719}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DB358974-73DD-4B2B-B944-158A3652CF44}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DBE63562-FBF2-452A-A806-C1EAC304EC98}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DCCDAEB4-2260-4717-9A82-BC969E0B0C22}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DE812914-DD10-4819-9F7F-C996091258E9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{DF81E8FD-C457-4451-8F6D-6AD869FC094B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E0BA3714-E3C3-44D3-8723-A34723561251}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E13F900B-91D1-4D79-9D85-C13452D83F02}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E14188A9-6687-4BB8-87C5-A4142762D8FD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E1772B7A-27A5-4D0B-BA0E-0FCDD33F703B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E17B7F9D-695A-4E69-9A66-777B823BE659}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E2519ADE-C08F-47F0-B6C1-9E014FBE2ED3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E2F04046-4604-404A-A498-547D5451A7FB}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E390EEA6-4B21-4FAB-ADA9-9A3D05517294}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E3A32E0F-70D3-41BA-A7E1-121545A6F857}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E4ADACAD-06D3-447A-BBC1-255FB36C9601}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E5808A62-0A27-47C7-8539-9DA0325A5FBE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E6667252-8B09-4A6F-BE7D-D85B838EBA68}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E6EBB8C1-AE4D-4618-9179-C62A5DDCEDEA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E6EE5383-8A8A-454E-AFD4-B3C08FBE0015}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E7DF2EB8-FD6E-4D97-947F-8195E6F3E7D2}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{E9BFED7D-5C20-4E22-A32F-BCC9C45553BE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EB3D6724-CE1D-43F3-8B88-2B7112475C7B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EC345A33-9DEE-4119-B47A-E38D21F5EC67}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{ED05C5E9-7588-43C6-B5BC-1F0DB02772EE}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{ED5CDDCD-D931-4A28-8125-8DB2544DE41A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{ED5EF7D3-F2A3-49D7-9D67-6755412B359F}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EDC5EC90-48E3-45EE-9B25-4D047995C907}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EDDB8B33-4441-4337-A819-563044311DAF}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EEA765DA-F006-4CD6-9C2B-6F6557E9335E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EEF301BC-4BA3-4D6A-BAFF-8F4168080651}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EFA3DBDE-CBFB-4CBB-80A6-2DBD92D15D0E}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{EFB50FA3-6F25-4A70-9F18-09D89049B0B5}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F0070F32-050A-42B3-9D7F-8960CCE7A22D}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F1CE77D7-DED5-4BCC-AD66-0F3E47C8503C}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F29AB6E7-14F0-438A-A5FB-E853953BA0CD}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F31F4B60-E406-42E1-86A9-00D58D15C1B9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F3E7E567-4793-4F87-B39D-3052E8EF5517}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F459AA44-710D-44C1-8C6E-8E5A2B5FC513}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F5030AFC-2169-4CCB-8680-C84817CCC524}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F85B7249-20A1-4429-B96A-E5FAC1C29248}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F865E1D5-21B9-48A4-8C91-197889A88B4B}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F912CC48-1273-449C-A15D-E941D5195AAA}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F98678EA-1A4F-4C43-8BBE-ACEC4B21E450}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{F9FFA237-4EA4-4394-BAED-9411A6363F65}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FA11162B-95DD-4A29-A0C9-E9A22EE5BF3A}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FA19F4B0-4499-482E-9A19-B8E08D230678}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FAEDC8DB-A354-4785-866B-2F09BFC49FB8}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FB0EE875-C57F-4CCA-BCA1-635C52F1DA04}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FBD454F1-C3BE-44EE-9551-AD8C947BE0D3}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FD60D379-273F-4ABA-BC41-3FB497B38276}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FD9E2609-6BE8-4BB2-858E-F3C3494C73A9}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FEA58E5C-C98B-4EFE-B7DD-260C2BA52310}
Successfully deleted: [Empty Folder] C:\Users\Matt\Appdata\Local\{FEDB8481-30A7-4E59-9FAC-E7F0A1246F8D}
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\productdata
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\33xeebnx.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\33xeebnx.default\extensions\staged
Successfully deleted the following from C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\33xeebnx.default\prefs.js
 
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, f47f729c0000000000005cac4c3259f8);
user_pref(extensions.delta.instlDay, 15927);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.22.0);
user_pref(extensions.delta.vrsnTs, 1.8.22.020:01:38);
user_pref(extensions.delta.vrsni, 1.8.22.0);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121240&tt=070813_wc2&tsp=4970);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\33xeebnx.default\minidumps [2 files]
 
 
 
~~~ Chrome
 
 
[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Matt\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/07/2015 at 21:27:58.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#15
hotdog_1984

hotdog_1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Matt (administrator) on MATT-PC (27-07-2015 21:30:58)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Jo & Mcx1-MATT-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-04] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-18] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE [213504 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-1492825921-750369754-554371985-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-18] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1492825921-750369754-554371985-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-18] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-18] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-22] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: [DhcpNameServer] 168.95.1.1
Tcpip\..\Interfaces\{4F5B2ED9-FFBF-4297-BE05-E23927C0EBF7}: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: foxfilterinspiredeffectnet - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-02]
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\Extensions\[email protected] [2015-04-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-18]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected]59f58c578.com [not found]
FF Extension: No Name - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\33xeebnx.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-18] (Avast Software s.r.o.)
S2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585408 2015-04-02] (IObit)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-18] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-18] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-18] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-18] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-18] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-18] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 21:27 - 2015-07-27 21:27 - 00043038 _____ C:\Users\Matt\Desktop\JRT.txt
2015-07-27 21:15 - 2015-07-27 21:15 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Matt\Desktop\JRT.exe
2015-07-27 20:37 - 2015-07-27 20:37 - 02248704 _____ C:\Users\Matt\Downloads\AdwCleaner.exe
2015-07-27 20:19 - 2015-07-27 20:19 - 01630952 _____ C:\Users\Matt\Downloads\PANDAFREEAV.exe
2015-07-27 14:05 - 2015-07-27 14:06 - 00000000 ____D C:\Users\Jo\AppData\Local\{F07827BB-E76D-4300-B130-A9FEC906C7B2}
2015-07-27 14:05 - 2015-07-27 14:05 - 00000000 ____D C:\ProgramData\Intel
2015-07-27 11:42 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-07-27 11:42 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-07-27 11:42 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-07-27 11:42 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-07-27 11:42 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-07-27 11:42 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-27 11:42 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-07-27 11:42 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-27 11:42 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-07-27 11:42 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-07-27 11:42 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-27 11:42 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-27 11:42 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-27 11:42 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-07-27 11:42 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-27 11:42 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-07-27 11:42 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-27 11:42 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-27 11:39 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-27 11:39 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-27 11:39 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-27 11:39 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-07-27 11:39 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-07-27 11:39 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-27 11:36 - 2015-03-14 04:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-27 11:36 - 2015-03-14 04:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-27 11:36 - 2015-03-14 04:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-27 11:36 - 2015-03-14 04:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-27 11:35 - 2015-05-09 19:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-27 09:42 - 2015-07-27 09:43 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-27 09:42 - 2015-07-27 09:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-27 08:49 - 2015-07-27 08:49 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2015-07-27 08:18 - 2015-07-27 08:21 - 00005374 _____ C:\VEW.txt
2015-07-27 08:15 - 2015-07-27 08:15 - 00061440 _____ ( ) C:\Users\Matt\Downloads\VEW.exe
2015-07-27 06:26 - 2015-07-27 06:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-27 03:29 - 2015-01-09 00:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-27 03:29 - 2015-01-09 00:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-27 02:28 - 2015-07-27 09:30 - 00288900 _____ C:\Windows\msxml4-KB973688-enu.LOG
2015-07-27 01:54 - 2015-07-27 08:50 - 00292102 _____ C:\Windows\msxml4-KB954430-enu.LOG
2015-07-27 01:36 - 2015-07-27 01:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-27 01:36 - 2015-07-27 01:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-27 01:36 - 2015-07-27 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-27 01:24 - 2015-05-01 14:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 01:24 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 01:15 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-27 01:15 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-07-27 00:57 - 2015-07-09 18:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 00:57 - 2015-07-09 18:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 00:57 - 2015-07-09 18:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 00:57 - 2015-07-09 18:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 00:57 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-27 00:57 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-27 00:57 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-27 00:57 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-27 00:57 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-27 00:57 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-27 00:57 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-27 00:57 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-27 00:57 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-27 00:57 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-27 00:57 - 2015-06-03 21:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-07-27 00:57 - 2015-06-03 21:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-27 00:56 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-27 00:56 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-27 00:56 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-27 00:56 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-27 00:56 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-27 00:56 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-27 00:56 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-27 00:56 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-27 00:56 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-27 00:56 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-27 00:56 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-27 00:56 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-27 00:56 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-27 00:56 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-27 00:56 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-27 00:56 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-27 00:56 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-27 00:56 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-27 00:56 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-27 00:56 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-27 00:56 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-27 00:56 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-27 00:56 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-27 00:56 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-27 00:56 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-27 00:56 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-27 00:56 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-27 00:56 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-27 00:56 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-27 00:56 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-27 00:56 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-27 00:56 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-27 00:56 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-27 00:56 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-27 00:56 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-27 00:56 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-27 00:56 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-27 00:56 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-27 00:56 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-27 00:56 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-27 00:56 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-27 00:56 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-27 00:56 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-27 00:56 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-27 00:56 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-27 00:56 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-27 00:56 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-07-27 00:56 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-07-27 00:56 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-07-27 00:56 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-07-27 00:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-27 00:56 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-07-27 00:56 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-07-27 00:56 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-07-27 00:56 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-07-27 00:56 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-07-27 00:56 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-07-27 00:55 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-27 00:55 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-07-27 00:55 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-07-27 00:54 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-27 00:54 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-27 00:54 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-27 00:54 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-27 00:54 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-27 00:54 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-27 00:54 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-27 00:54 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-27 00:54 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-27 00:54 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-27 00:54 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-27 00:54 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-27 00:54 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-27 00:54 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-27 00:54 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-27 00:54 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-27 00:54 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-27 00:54 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-27 00:54 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-27 00:52 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-27 00:52 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-27 00:52 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-27 00:52 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-27 00:52 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-27 00:52 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-27 00:52 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-27 00:52 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-27 00:52 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-27 00:52 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-27 00:52 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-27 00:52 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-27 00:52 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-27 00:52 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-27 00:52 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-27 00:52 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-27 00:52 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 00:52 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-27 00:51 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-27 00:51 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-27 00:51 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-27 00:51 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-27 00:51 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-27 00:51 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-27 00:51 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-27 00:51 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-27 00:51 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-27 00:50 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-27 00:50 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-27 00:50 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-27 00:50 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-27 00:50 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-27 00:50 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-27 00:50 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-27 00:50 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-27 00:50 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-27 00:50 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-27 00:50 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-27 00:50 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-27 00:50 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-27 00:50 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-27 00:50 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-27 00:50 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-27 00:50 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-27 00:49 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-27 00:49 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-27 00:49 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-27 00:49 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-27 00:49 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-27 00:49 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-27 00:49 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-27 00:49 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-27 00:49 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-27 00:49 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-27 00:49 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-27 00:49 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-27 00:49 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-27 00:49 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-27 00:49 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-27 00:49 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-27 00:49 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-27 00:49 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-07-27 00:49 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-07-27 00:48 - 2015-06-03 21:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-27 00:48 - 2015-04-08 04:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-27 00:48 - 2015-04-08 04:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-27 00:48 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-27 00:48 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-07-27 00:48 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-07-27 00:48 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-07-27 00:47 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-27 00:47 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-27 00:47 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-27 00:47 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-27 00:47 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-27 00:47 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-27 00:47 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-27 00:47 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-27 00:47 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-27 00:47 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-27 00:47 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-27 00:47 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-27 00:47 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-27 00:47 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-27 00:47 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-27 00:47 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-27 00:47 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-27 00:47 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-27 00:47 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-27 00:47 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-27 00:47 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-27 00:47 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-27 00:47 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-27 00:47 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-27 00:47 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-27 00:47 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-07-27 00:46 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-27 00:46 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-27 00:46 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-27 00:46 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-27 00:46 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-27 00:46 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-27 00:46 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-27 00:46 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-27 00:46 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-27 00:46 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-27 00:46 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-27 00:46 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-27 00:46 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-27 00:46 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-27 00:46 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-27 00:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-27 00:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-07-27 00:46 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-07-27 00:46 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-07-27 00:46 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-07-27 00:46 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-07-27 00:46 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-07-27 00:45 - 2015-04-20 04:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-27 00:45 - 2015-04-20 04:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-27 00:45 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-27 00:45 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-27 00:45 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-27 00:44 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-27 00:44 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-27 00:44 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-27 00:44 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-27 00:44 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-27 00:44 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-27 00:44 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-27 00:44 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-27 00:44 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-27 00:44 - 2015-04-13 04:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-27 00:44 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-27 00:44 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-27 00:44 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-27 00:44 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-27 00:44 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-27 00:44 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-27 00:44 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-27 00:44 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-27 00:44 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-27 00:44 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-27 00:44 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-27 00:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-27 00:44 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-27 00:44 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-07-27 00:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-07-27 00:44 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-07-27 00:44 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-07-27 00:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-07-27 00:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-07-27 00:44 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-07-27 00:44 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-07-27 00:44 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-07-27 00:44 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-07-27 00:44 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-07-27 00:44 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-07-27 00:19 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-27 00:19 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-26 23:23 - 2015-07-27 08:27 - 00031454 _____ C:\Users\Matt\Downloads\Addition.txt
2015-07-26 23:17 - 2015-07-27 21:31 - 00016195 _____ C:\Users\Matt\Downloads\FRST.txt
2015-07-26 23:13 - 2015-07-26 23:13 - 00003886 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.231334.2184.log
2015-07-26 23:04 - 2015-07-26 23:05 - 00021395 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.zip
2015-07-26 23:04 - 2015-07-26 23:05 - 00004948 _____ C:\Users\Matt\Downloads\ESETNecursCleaner.exe_20150726.230411.2676.log
2015-07-26 23:04 - 2015-07-26 23:04 - 00260296 _____ (ESET) C:\Users\Matt\Downloads\ESETNecursCleaner.exe
2015-07-26 23:01 - 2015-07-26 23:01 - 02146816 _____ (Farbar) C:\Users\Matt\Downloads\FRST64.exe
2015-07-24 22:24 - 2015-07-27 21:31 - 00000000 ____D C:\FRST
2015-07-23 12:42 - 2015-07-23 12:47 - 00000281 _____ C:\Users\Matt\Desktop\IMAC Comparison.txt
2015-07-11 11:02 - 2015-07-11 11:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 09:01 - 2015-07-11 09:02 - 00000000 ____D C:\Users\Jo\AppData\Local\{252270E9-4272-4809-9F13-3FC4FC5EC7E3}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 21:20 - 2015-06-17 19:42 - 01455970 _____ C:\Windows\WindowsUpdate.log
2015-07-27 21:02 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 21:02 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 20:53 - 2011-05-12 17:35 - 00000000 ____D C:\Users\Matt\Tracing
2015-07-27 20:51 - 2015-04-18 01:47 - 00002096 _____ C:\Windows\setupact.log
2015-07-27 20:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 20:48 - 2015-04-18 00:18 - 00000000 ____D C:\AdwCleaner
2015-07-27 20:31 - 2015-04-18 20:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-27 20:05 - 2009-07-14 06:13 - 00783400 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 14:05 - 2011-11-16 14:24 - 00000000 ____D C:\Users\Jo\Tracing
2015-07-27 14:04 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-27 11:49 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-27 11:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-27 11:42 - 2010-08-30 10:01 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-27 09:36 - 2011-05-10 20:23 - 00767710 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-27 08:56 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-27 08:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2015-07-27 08:22 - 2014-05-08 21:41 - 00000000 __SHD C:\Users\Matt\AppData\Local\EmieUserList
2015-07-27 08:22 - 2014-05-08 21:41 - 00000000 __SHD C:\Users\Matt\AppData\Local\EmieSiteList
2015-07-27 07:05 - 2015-04-18 01:46 - 00361930 _____ C:\Windows\PFRO.log
2015-07-27 06:31 - 2009-07-14 05:45 - 00410928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 06:26 - 2014-05-06 20:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 06:26 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-27 06:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-27 04:01 - 2011-12-21 22:32 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-27 03:18 - 2011-05-10 20:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-07-27 03:09 - 2011-05-17 15:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-27 01:36 - 2011-03-10 21:28 - 00000000 ____D C:\ProgramData\Skype
2015-07-27 01:11 - 2013-08-17 06:26 - 00000000 ____D C:\Windows\system32\MRT
2015-07-26 23:25 - 2011-09-18 10:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-24 23:04 - 2012-11-10 17:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-24 23:04 - 2012-11-10 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-24 23:04 - 2011-09-18 10:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 07:31 - 2012-01-29 23:46 - 00024264 _____ C:\Users\Matt\Downloads\House expenses.xlsx
2015-07-19 07:58 - 2011-12-21 22:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 07:58 - 2011-12-21 22:22 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-03 08:43 - 2011-03-07 22:52 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-28 22:43 - 2013-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2013-11-26 00:16 - 2013-11-26 00:16 - 0025757 _____ () C:\Users\Matt\AppData\Roaming\UserTile.png
2011-11-09 14:16 - 2015-04-18 15:32 - 0105348 _____ () C:\Users\Matt\AppData\Local\ars.cache
2011-11-09 14:21 - 2015-04-18 15:33 - 7219139 _____ () C:\Users\Matt\AppData\Local\census.cache
2011-11-09 12:09 - 2011-11-09 12:09 - 0000036 _____ () C:\Users\Matt\AppData\Local\housecall.guid.cache
2015-04-17 00:35 - 2015-04-18 08:43 - 0000010 _____ () C:\Users\Matt\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
C:\Users\Matt\AppData\Local\Temp\Quarantine.exe
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-27 05:12
 
==================== End of log ============================

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP