Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Superbly Slow startup, slow opening of programs. [Closed]


  • This topic is locked This topic is locked

#1
Robbie Babikoff

Robbie Babikoff

    New Member

  • Member
  • Pip
  • 8 posts

Hi, so I don't know what the issue is with my computer, I appear to have some viruses (I think, i'm not good with computers) but, i've tried the virus scanners and it tells me I have nothing, there's obviously something in my computer because it wasn't normally like this. 

 

Also, on start-up my internet takes like 20 minutes to reconnect, I don't know if this is my driver, but I've looked in my network location and it shows a disconnected driver, but I'm still connected to my internet?

 

There's a lot of issues with this laptop, I really have no idea where to begin fixing anything.. 

 

There's also some files that I have no idea what they are, they're just jumbled letters and numbers and I can't remove them, it says I don't have permission from Network something.. 

 

Attached Thumbnails

  • NetworkDrivers.png
  • Unknown Files.png

  • 0

Advertisements


#2
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi Robbie Babikoff,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.
 

I don't know if this is my driver, but I've looked in my network location and it shows a disconnected driver, but I'm still connected to my internet?

 
The network (mapped) drive shown has nothing to do whether you're connected to the internet or not. I believe (from the picture), that it is a mapped drive to a network location which is setup by you or your family members previously. You can read more about network drive and location. You can either delete or disconnect the mapped location and it will not appear on your system anymore.
 

they're just jumbled letters and numbers and I can't remove them

 
These are usually folders created by Windows during Windows Update. The folders are no harm, we can certainly try to remove it later. 
But first, let's try to see if we can identify and resolve the (malware) issue you're facing.


FRST.gif Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Apologies for responding Late, i'm starting the process now. :) 


  • 0

#4
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Brenda (administrator) on BRENDA-HP (14-03-2016 15:14:28)
Running from C:\Users\Brenda\Desktop
Loaded Profiles: Brenda (Available Profiles: Brenda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2012-03-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Facebook Update] => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Epson Stylus NX430(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2012-03-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Spotify Web Helper] => C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-26] (Spotify Ltd)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\MountPoints2: {edf0e634-8006-11e4-86b4-009c021861a2} - G:\Windows\AutoRun.exe {E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70} 3.0.0.01 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{58FCA57B-8E3E-4635-829C-5B717E7CE575}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=websearch.coolfindings.info%2F%3Fpid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS&OSP=websearch.coolfindings.info%2F%3Fl%3D1%26q%3D%7BsearchTerms%7D%26pid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS
URLSearchHook: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> Default = {b843a48a-b70f-45cd-a15a-6c2b30c2c11e}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {1E6356A1-70A1-450F-A58A-F975AF705B2B} URL = hxxp://ws.infospace.com/gamers_brw/ws/redir?_iceUrl=true&user_id=%userid&tool_id=%toolid&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-31] (Google Inc.)
Toolbar: HKLM-x32 - Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {25515A79-C1C7-4B97-97F8-31A711694487} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\tkt29lin.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-13] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-10-17] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/iggweb3dupdater -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/joyconnectshell -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brenda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-12] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-24] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxps://www.facebook.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Google Search) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
R2 RealPlayer Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1418336 2013-11-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [20232 2012-06-07] (Handset Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 15:14 - 2016-03-14 15:16 - 00026459 _____ C:\Users\Brenda\Desktop\FRST.txt
2016-03-14 15:14 - 2016-03-14 15:14 - 00000000 ____D C:\FRST
2016-03-14 15:13 - 2016-03-14 15:14 - 02374144 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2016-03-14 15:02 - 2016-03-14 15:02 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-14 15:02 - 2016-03-14 15:02 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-12 20:54 - 2016-03-12 20:54 - 00265223 _____ C:\Users\Brenda\Desktop\Babikoff Resume 6_13_14(1).pdf
2016-03-12 13:00 - 2016-03-12 13:00 - 00003114 _____ C:\Windows\System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5}
2016-03-12 12:27 - 2016-03-12 12:27 - 00000000 ____H C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2016-03-12 12:21 - 2016-03-12 12:21 - 00000000 _____ C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
2016-03-12 12:14 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-12 12:14 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-12 12:14 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-12 12:14 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-12 12:14 - 2016-02-05 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-12 12:14 - 2016-02-05 10:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-12 12:14 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 12:14 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-12 12:14 - 2016-02-04 10:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-12 12:14 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-12 12:14 - 2016-01-11 12:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-12 12:14 - 2015-11-19 07:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:13 - 2016-02-08 23:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 23:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 14:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 13:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-12 12:13 - 2016-02-08 13:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-12 12:13 - 2016-02-08 13:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-12 12:13 - 2016-02-08 13:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 13:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 13:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-12 12:13 - 2016-02-08 13:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-12 12:13 - 2016-02-08 13:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 13:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 13:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 13:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-12 12:13 - 2016-02-08 13:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-12 12:13 - 2016-02-08 13:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 13:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-12 12:13 - 2016-02-08 13:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 13:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 13:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 12:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-12 12:13 - 2016-02-08 12:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-12 12:13 - 2016-02-08 12:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-12 12:13 - 2016-02-08 11:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 11:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-12 12:13 - 2016-02-08 11:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 11:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 11:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-12 12:13 - 2016-02-08 11:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-12 12:13 - 2016-02-08 11:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-12 12:13 - 2016-02-08 11:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 11:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-12 12:13 - 2016-02-08 11:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-12 12:13 - 2016-02-08 11:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 11:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-12 12:13 - 2016-02-08 11:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 10:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 10:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-12 12:13 - 2016-02-08 10:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-12 12:13 - 2016-02-08 10:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 10:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 10:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-12 12:13 - 2016-02-08 10:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-12 12:13 - 2016-02-08 10:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-12 12:13 - 2016-02-08 10:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 10:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 10:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-12 12:13 - 2016-02-08 10:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-12 12:13 - 2016-02-08 09:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-12 12:12 - 2016-02-11 11:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-12 12:12 - 2016-02-11 11:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-12 12:12 - 2016-02-11 11:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-12 12:12 - 2016-02-11 10:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-12 12:12 - 2016-02-11 10:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-12 12:12 - 2016-02-11 10:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-12 12:12 - 2016-02-11 10:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-12 12:12 - 2016-02-11 10:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-12 12:12 - 2016-02-11 10:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:11 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 12:11 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-12 12:10 - 2016-02-19 12:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-12 12:10 - 2016-02-19 11:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-12 12:10 - 2016-02-19 07:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-12 12:10 - 2016-02-11 07:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-12 12:10 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-12 12:10 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-04 09:58 - 2016-03-12 12:44 - 00003366 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-03 16:16 - 2016-03-14 09:53 - 00003500 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Brenda
2016-03-03 16:16 - 2016-03-03 16:16 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Brenda
2016-03-03 16:16 - 2016-03-03 16:16 - 00003208 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Brenda
2016-03-03 16:15 - 2016-03-14 09:51 - 00003494 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Brenda
2016-02-29 12:48 - 2016-02-29 12:49 - 00000000 ____D C:\9a392ad229231899ea2b1a
2016-02-29 11:43 - 2016-03-12 09:03 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBrenda
2016-02-29 11:43 - 2016-03-12 09:03 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
2016-02-26 13:02 - 2016-03-04 10:18 - 00000000 ____D C:\Users\Brenda\Documents\Resumes
2016-02-26 11:41 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-26 11:41 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-26 11:35 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-26 11:34 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-26 11:34 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-26 11:24 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-26 11:24 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-26 11:23 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-26 11:23 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-26 11:23 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-26 11:23 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-13 07:21 - 2016-03-13 01:21 - 00000000 ___HD C:\$WINDOWS.~BT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 15:09 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 15:09 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 15:06 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 15:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-14 15:00 - 2012-08-24 12:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 14:59 - 2015-01-06 20:13 - 00001344 _____ C:\Windows\Tasks\PRTKUAT.job
2016-03-14 14:59 - 2015-01-06 20:12 - 00001688 _____ C:\Windows\Tasks\GGHSMEV.job
2016-03-14 14:59 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 14:55 - 2012-08-24 12:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 14:55 - 2012-04-01 17:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-14 14:25 - 2014-07-10 13:25 - 00000296 _____ C:\Windows\Tasks\UpdaterEX.job
2016-03-14 13:56 - 2012-06-03 16:46 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job
2016-03-14 13:56 - 2012-06-03 16:46 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job
2016-03-14 09:53 - 2012-03-03 12:23 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F37CBA61-F619-4F41-A793-54729BB1184D}
2016-03-13 19:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-03-13 13:15 - 2009-07-13 21:45 - 00413160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-13 13:12 - 2014-12-11 06:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 09:55 - 2012-04-01 17:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 09:55 - 2012-04-01 17:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-13 09:54 - 2011-08-08 21:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-13 09:51 - 2013-07-17 05:54 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 09:31 - 2012-03-10 22:01 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-12 20:43 - 2007-01-01 18:25 - 00000000 ____D C:\Windows\Panther
2016-03-12 12:49 - 2011-08-08 21:45 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-03-12 12:46 - 2011-08-08 21:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-12 12:44 - 2015-08-26 08:42 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-12 10:59 - 2015-03-18 10:11 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 09:56 - 2013-08-06 07:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-12 09:05 - 2012-03-03 12:51 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-12 09:03 - 2012-10-31 05:13 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job
2016-03-12 09:02 - 2012-10-31 05:13 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBRENDA-HP$
2016-03-03 16:17 - 2012-03-09 07:04 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Epson
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-29 12:49 - 2014-05-07 07:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-29 12:43 - 2011-08-08 21:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-02-29 12:43 - 2011-08-08 21:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-29 12:41 - 2011-08-08 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-29 11:52 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup
2016-02-29 11:27 - 2015-01-08 17:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-29 11:27 - 2012-03-03 12:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-26 13:16 - 2012-05-17 19:46 - 00509952 ___SH C:\Users\Brenda\Documents\Thumbs.db
2016-02-26 12:49 - 2012-11-25 16:04 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-26 11:48 - 2009-07-13 19:34 - 00000580 _____ C:\Windows\win.ini
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2015-08-03 13:36 - 2015-08-03 13:36 - 6420480 _____ () C:\Program Files (x86)\GUT472E.tmp
2016-02-05 13:34 - 2016-02-05 13:34 - 6871040 _____ () C:\Program Files (x86)\GUTB55A.tmp
2015-07-07 22:11 - 2015-08-07 20:03 - 0000024 _____ () C:\Users\Brenda\AppData\Roaming\appdataFr25.bin
2014-04-18 15:08 - 2014-04-18 15:08 - 0001174 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.quick.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000000 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000318 _____ () C:\Users\Brenda\AppData\Roaming\aps.uninstall.scan.results
2014-11-04 16:53 - 2014-12-05 12:33 - 0000111 _____ () C:\Users\Brenda\AppData\Roaming\sdole32.ini
2014-07-10 13:25 - 2015-01-21 01:39 - 0000152 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG
2016-03-12 12:27 - 2016-03-12 12:27 - 0000000 ____H () C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2015-01-19 22:39 - 2015-01-19 22:39 - 0000001 _____ () C:\Users\Brenda\AppData\Local\DSI.DAT
2015-05-24 00:23 - 2015-05-24 00:23 - 0000000 _____ () C:\Users\Brenda\AppData\Local\Temp.dat
2016-03-12 12:21 - 2016-03-12 12:21 - 0000000 _____ () C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
 
Some files in TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\Extract.exe
C:\Users\Brenda\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Brenda\AppData\Local\Temp\lowproc.exe
C:\Users\Brenda\AppData\Local\Temp\stubhelper.dll
C:\Users\Brenda\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-13 18:52
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brenda (2016-03-14 15:17:24)
Running from C:\Users\Brenda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-03 19:13:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2178881584-2744589791-4175445109-500 - Administrator - Disabled)
Brenda (S-1-5-21-2178881584-2744589791-4175445109-1001 - Administrator - Enabled) => C:\Users\Brenda
Guest (S-1-5-21-2178881584-2744589791-4175445109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2178881584-2744589791-4175445109-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Extended Update (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LighterProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed331a23}) (Version:  - Software Publisher) <==== ATTENTION
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Pascal Handset USB Driver (HKLM\...\{9B00E99F-83A4-40d4-B987-7EB04F722BB7}) (Version:  - ZTE Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE Z768G Handset USB Driver (HKLM\...\{E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70}_is1) (Version: 3.0.0.01 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15DDE21C-45F5-480D-ACA9-431335B94CC0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {19836291-3B1C-464C-A521-62213FAD157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {1B1D62D6-941C-4B04-B86D-F26342554F22} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-10-17] (RealNetworks, Inc.)
Task: {1C726821-5CDA-4DF8-8D28-34BD22659AF4} - System32\Tasks\{D14D5478-E947-48EE-92E8-1E8A60AA0F82} => pcalua.exe -a "C:\Users\Brenda\Downloads\GamersUnite_SnagBar (1).exe" -d C:\Users\Brenda\Desktop
Task: {1FD989F3-1661-48E6-92E0-692ABFD48B15} - System32\Tasks\{4C2BA0D3-9A1D-4EDC-AB47-9A0C88E462F8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {3CE8908B-335C-4F33-949D-050E51157D82} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {534CBF3F-AEA8-451B-82AE-811914863696} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5830A420-EDDD-4B58-895F-8712B5B48B50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {6C842032-DECC-4507-B1F9-7AF77B1C0F3A} - System32\Tasks\{729041D1-F38F-4BBE-8EE0-2C33F42A849B} => pcalua.exe -a C:\Users\Brenda\Downloads\GamersUnite_SnagBar.exe -d C:\Users\Brenda\Desktop
Task: {6D7998D0-EB9A-4212-853A-695BD9869BB1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {6DCAFF31-E40D-4FFE-9B77-E1896D3641FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-13] (Adobe Systems Incorporated)
Task: {78020E27-5B89-4460-A18E-BE732FCD94CF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {7F6047E7-D8B6-4A8A-A5B5-38F61B99BE1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {892F8B90-D47A-473F-B77E-B2D6AF4F6AB2} - System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {8ADCE67D-2FA0-4C23-B912-5D760ED1173E} - System32\Tasks\RNUpgradeHelperResumePrompt_Brenda => C:\Users\Brenda\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-26] (RealNetworks, Inc.)
Task: {91EFD7A1-9704-4B2E-A0A2-34B2C123590B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-11-13] (Hewlett-Packard)
Task: {A1D24166-EAF4-4DE6-BBFE-7E356DA2C5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {A3CBFE28-6585-4258-B9E6-A87C606322E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {A8BF9931-D213-4295-92C8-6E1E85D1F940} - System32\Tasks\ReclaimerUpdateXML_Brenda => C:\Users\Brenda\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-26] (RealNetworks, Inc.)
Task: {A8E46C48-1733-40FA-875A-145DCB20EDFF} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {AB38C168-2F96-4534-823D-6CBA521E6868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {B20023D0-291F-4BBE-BB24-E1BBC610BB20} - System32\Tasks\ReclaimerUpdateFiles_Brenda => C:\Users\Brenda\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-26] (RealNetworks, Inc.)
Task: {B2AA4FE6-80F1-46A0-8121-843AA5B16C1B} - System32\Tasks\GGHSMEV => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: {B4593B6A-C53F-41C8-BB9B-9B5E231893DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {B621043B-719B-4537-8F94-F43E5B963A4E} - System32\Tasks\HPCeeScheduleForBrenda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BC4C13A5-6C1B-4DB1-9E3A-DD49A667F195} - System32\Tasks\HPCeeScheduleForBRENDA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BF3BB324-7C4F-4AE3-AC7D-233E25BA3E12} - System32\Tasks\UpdaterEX => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DCF9D420-1528-468B-8FE3-1351D495047A} - System32\Tasks\PRTKUAT => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: {E9A7B192-4B44-4E96-87A7-3C99735A3EC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {F3DC12CF-4E48-4EE7-BBF4-B271E3055CC9} - System32\Tasks\RNUpgradeHelperLogonPrompt_Brenda => C:\Users\Brenda\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\rnupgagent.exe [2016-02-26] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GGHSMEV.job => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrenda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PRTKUAT.job => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-07-05 12:27 - 2011-07-05 12:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-17 19:08 - 2013-10-17 19:08 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-25 15:39 - 2013-10-25 15:39 - 00029320 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-07-05 12:27 - 2011-07-05 12:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 12:13 - 2011-07-05 12:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-11-13 17:26 - 2013-11-13 17:26 - 00857184 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-25 15:38 - 2013-10-25 15:38 - 00026760 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-26 12:48 - 2016-02-17 21:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-26 12:48 - 2016-02-17 21:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{92589284-1F64-4BE9-BB82-449013434DF5}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{7059C0E3-C716-4955-8741-4D339D51803D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{53D0F711-5858-49A4-A527-EC688C6F67EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7889874D-907F-40BE-B6F7-4FDC0145F70D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}] => (Allow) LPort=2869
FirewallRules: [{06D64F51-1E72-4DB9-93ED-2BBE70544A51}] => (Allow) LPort=1900
FirewallRules: [{2520B914-6504-47E7-A090-757E8740E293}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D2E25034-8BEE-44C8-A27A-C7A47A55A732}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{24CCFC2E-4059-49C9-9184-7590F3CC64D9}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0815A371-0064-4785-9B8D-93A26FFE78B6}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{85D638D7-8941-450F-80F9-0B866A8119C2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9BEDF61D-5CDD-48EA-A2EB-6973FEFD615B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BF515693-C5F3-4D26-ABDA-B688A383E6E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5399727D-D447-4EA4-9695-B1A0D78FAD6F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{01ECF1B3-851D-4E6B-BB89-13423B3B4500}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1ED9186D-65B9-4850-B456-E687FCBD4E0F}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AA39AEE1-1D4D-49DC-AEB7-E34B5D036444}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{0614C67E-064E-4296-9D16-6008116441ED}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{50381F9C-1B5C-463A-9ABA-F37B9E7E5301}] => (Allow) LPort=443
FirewallRules: [{9E5DBC6D-5C5C-468D-AD20-10E39F7218F9}] => (Allow) LPort=443
FirewallRules: [{517912DB-DD82-4150-964B-060AF84A1B9F}] => (Allow) LPort=37674
FirewallRules: [{31077B10-0470-4EFE-8C75-BB17C5769A04}] => (Allow) LPort=37674
FirewallRules: [{04B62C9D-9BB7-4E83-8EB8-19531D562AAE}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{D48D959E-1EFA-48F7-97F2-3CA705DB34CF}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0846A008-39EB-468D-A65B-0763D7A831B9}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BB14D91E-8327-4C56-B3F7-804DB03799DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E36444C9-11FF-4EB9-BBD9-F222909E996A}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{48BCC334-341E-41CE-8E44-43191A34DA9F}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{4F59E603-DF5D-4F31-A686-3B224879788A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{5D16FEEC-87A3-4393-90A3-2DA0AA75D26D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D6087E1D-F951-4DE7-9914-3D562BA25134}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9D45FFE6-64FE-4943-ABBF-845D3EA5B174}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9948AD5B-1C51-4F04-9E07-7CE010ECF40D}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{344705B8-5582-410D-90C1-91BC0B835EA3}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{81878CC2-25D7-425C-8D23-56965B6390AF}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{9AA14AFA-2ADB-47FF-A833-44348FA6316C}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{82E3B2F6-DD83-4BE2-ADE6-D83660D9D296}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{5DD9B5A3-3425-472D-A98B-50A1A71166A7}] => (Allow) C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1D7C8E6A-3A49-4C4B-A1DD-EADBC8DCAFDC}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{40C94247-6544-47E5-94EA-432DF3AE5D3C}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{31E0F40C-F2EB-4615-8118-4C36E2CEFD7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{14686EF1-99D2-453C-A7BD-7C2AF9818589}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F73B4DB-9787-4949-A1BA-C26F0D110587}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{51B7E8A4-C7E6-4244-9214-D5E4713C57CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CE530119-B23C-40D2-9EE6-E660B06064C5}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [UDP Query User{19784EE9-44A7-4DA9-A69B-AEA12FD5E2E8}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{1CF8ACC6-AF43-49E4-B1DB-CB695D0A8A7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F450284A-E8EF-4B48-9942-A707C3505103}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84D11AC6-1D96-4F76-8ADF-B47C8EE54B2F}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{8002D51C-E6A6-42A0-B78D-7AF4777D2FD3}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{CBF34E64-8275-489C-9218-38E7A51E1D02}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{18850104-97FC-437B-A146-87D6D6FB0368}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BFB53E5F-4C1F-4552-9A17-884319F6D47C}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{BFB1CA53-8770-4627-AA64-92702A2283CD}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{E034FF50-F500-4F31-831C-6A0FC1699F80}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B3D652AD-7754-454F-8492-3572FE266A5B}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{860ED4ED-9CE5-47F7-9862-014C6C4D6C24}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AFA78F06-4076-47E4-B53F-F02127CC0C3A}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2D41F9F4-D139-44DA-A0F9-5B0BC7048654}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{E175672D-DC66-49A8-BF16-7EE0D5318C56}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [TCP Query User{08E815D7-DE40-4F99-9047-82D7063F5201}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB5F8820-E976-4754-934B-F45D18B5F229}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [{74C81E8D-556E-4CA8-B3BE-A5CB374E856E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{680874DA-8958-49CD-BADC-4E7748DE518E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{E16CAFEE-5C85-4501-89C8-DABEBB4C4E35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EDF802B-BA14-4BE1-8DD4-9B7468322A79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3520EB3-55E8-4CB7-A70E-90128F7490C0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{18C9868B-5A81-45F7-8B9C-D57385172E48}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1386914-28C2-4CDF-9C72-E5D11DAA5403}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26D539C5-D7A9-4632-8D00-D23392857DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{11C87F29-0F24-4E7A-B783-65CB09B7037F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{51FD1A99-03CF-43EB-A888-457278BFD21B}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{DEBF8010-7219-485F-8EE0-9F83B8687F9A}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [{4AB7D9E5-A9CC-458A-9E86-C17B3C9027AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{747398F9-47A2-41BB-9651-8DE0F5539018}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{52122C4E-0A2F-4582-A1E5-710523ED2497}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{F592189D-03E5-4DE3-AA92-212E4FB3C5E6}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{9A20CEA6-3F70-4D8E-9E72-FF206B4A98D3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{B48E372E-4462-41E1-9A1D-36D6EFAC7C89}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{8589E86F-EB1C-4CFA-AFD1-EBD5DBF3CC20}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{DAF734F9-F4DE-4F28-A488-5CDEA8C777AB}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{81C805D7-60AE-4CA7-B453-3CD76422C0B5}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{4EFEF6F3-6F4C-4384-9446-CB4AFC7D944B}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [UDP Query User{5853209D-962E-4B9B-8BC5-FEE6798477DE}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [{DEF491B4-0C10-40F0-A695-3CD1957858D4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3F1AE1AA-9851-4C86-AD7F-053EF126F4E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-01-2016 17:00:21 Windows Update
05-02-2016 13:34:27 Windows Update
11-02-2016 13:18:49 Windows Update
11-02-2016 15:14:30 Windows Update
26-02-2016 11:20:31 Windows Update
29-02-2016 11:19:46 Windows Update
29-02-2016 12:33:19 Installed HP Support Assistant
03-03-2016 16:13:52 Windows Update
12-03-2016 09:19:32 Windows Modules Installer
13-03-2016 09:25:04 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2016 03:00:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2016 02:25:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/13/2016 01:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/13/2016 01:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/13/2016 01:38:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wuauclt.exe version 7.6.7601.19116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 370
 
Start Time: 01d17d039cde3e79
 
Termination Time: 58
 
Application Path: C:\Windows\system32\wuauclt.exe
 
Report Id:
 
Error: (03/13/2016 12:01:51 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/12/2016 12:40:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/12/2016 12:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/12/2016 12:19:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/12/2016 09:02:06 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
 
System errors:
=============
Error: (03/14/2016 03:02:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 03:02:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (03/14/2016 02:54:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 02:54:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (03/14/2016 02:54:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (03/14/2016 02:24:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 02:24:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (03/14/2016 02:23:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Software Framework Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 02:23:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
 
Error: (03/14/2016 02:23:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 3690.91 MB
Available physical RAM: 2032.88 MB
Total Virtual: 7380.02 MB
Available Virtual: 5191.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.98 GB) (Free:361.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:14.61 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27DA6E45)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#5
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi Robbie Babikoff,

Apologies for the delay.

Remove unwanted programs

Please uninstall the following unwanted programs:

Note: If any of the programs are not listed, proceed to the next one and work through the list.

  • Coupon Printer for Windows
  • Extended Update
  • LighterProc
  • Super Optimizer v3.2

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall.
Click uninstall.
Repeat the above steps for all the other programs to remove.


Reinstall Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

  • Download 'Google Chrome by Google' and save it to your desktop.
  • You can choose to export bookmarks if you have any. Do so by following 'this' guide.
  • If you signed in to Google Chrome, visit 'Google Sync' and click Reset sync > OK. Skip this step otherwise.
  • Close all instances of Google Chrome.
  • Now we need to uninstall Chrome.
    Note: When asked about user data or settings you must remove this also so please check the box.
  • Restart your computer after uninstalling Chrome.
  • Right click the Chrome set up file you downloaded earlier to your Desktop and click Run as Administrator to start the installation and follow the prompts.
  • After installation, you can safely import the HTML bookmark backup(s) you made earlier and 'sync your settings' again.

FRST.gifFix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.




Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\MountPoints2: {edf0e634-8006-11e4-86b4-009c021861a2} - G:\Windows\AutoRun.exe {E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70} 3.0.0.01 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {1E6356A1-70A1-450F-A58A-F975AF705B2B} URL = hxxp://ws.infospace.com/gamers_brw/ws/redir?_iceUrl=true&user_id=%userid&tool_id=%toolid&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKLM-x32 - Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll No File
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {25515A79-C1C7-4B97-97F8-31A711694487} -  No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
2016-03-14 14:59 - 2015-01-06 20:13 - 00001344 _____ C:\Windows\Tasks\PRTKUAT.job
2016-03-14 14:59 - 2015-01-06 20:12 - 00001688 _____ C:\Windows\Tasks\GGHSMEV.job
2016-03-14 14:25 - 2014-07-10 13:25 - 00000296 _____ C:\Windows\Tasks\UpdaterEX.job
2015-08-03 13:36 - 2015-08-03 13:36 - 6420480 _____ () C:\Program Files (x86)\GUT472E.tmp
2016-02-05 13:34 - 2016-02-05 13:34 - 6871040 _____ () C:\Program Files (x86)\GUTB55A.tmp
2015-07-07 22:11 - 2015-08-07 20:03 - 0000024 _____ () C:\Users\Brenda\AppData\Roaming\appdataFr25.bin
2014-04-18 15:08 - 2014-04-18 15:08 - 0001174 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.quick.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000000 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000318 _____ () C:\Users\Brenda\AppData\Roaming\aps.uninstall.scan.results
2014-07-10 13:25 - 2015-01-21 01:39 - 0000152 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG
Task: {A8E46C48-1733-40FA-875A-145DCB20EDFF} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {B2AA4FE6-80F1-46A0-8121-843AA5B16C1B} - System32\Tasks\GGHSMEV => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: {BF3BB324-7C4F-4AE3-AC7D-233E25BA3E12} - System32\Tasks\UpdaterEX => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DCF9D420-1528-468B-8FE3-1351D495047A} - System32\Tasks\PRTKUAT => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: C:\Windows\Tasks\GGHSMEV.job => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: C:\Windows\Tasks\PRTKUAT.job => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
FirewallRules: [{9AA14AFA-2ADB-47FF-A833-44348FA6316C}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{82E3B2F6-DD83-4BE2-ADE6-D83660D9D296}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{1D7C8E6A-3A49-4C4B-A1DD-EADBC8DCAFDC}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{40C94247-6544-47E5-94EA-432DF3AE5D3C}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe

C:\Program Files (x86)\Coupons
C:\Program Files (x86)\Super Optimizer
C:\Users\Brenda\AppData\Roaming\UPDATE~1
C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe
C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe

Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


adwcleaner_new.png Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    AdwCleaner_Scan_zpsvt1mvqxm.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

  • Any issue with uninstallation?
  • FRST fixlog
  • AdwCleaner scan log
  • FRST log
  • FRST Addition log

  • 0

#6
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi, I will be out of town for two days. So there will be delay in my reply but I will get back to you as soon as I can.


  • 0

#7
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brenda (2016-03-19 20:24:15) Run:1
Running from C:\Users\Brenda\Desktop
Loaded Profiles: Brenda (Available Profiles: Brenda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\MountPoints2: {edf0e634-8006-11e4-86b4-009c021861a2} - G:\Windows\AutoRun.exe {E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70} 3.0.0.01 VID_19D2&PID_0358 {9B00E99F-83A4-40d4-B987-7EB04F722BB7}
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {1E6356A1-70A1-450F-A58A-F975AF705B2B} URL = hxxp://ws.infospace.com/gamers_brw/ws/redir?_iceUrl=true&user_id=%userid&tool_id=%toolid&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKLM-x32 - Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll No File
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> No Name - {25515A79-C1C7-4B97-97F8-31A711694487} -  No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
2016-03-14 14:59 - 2015-01-06 20:13 - 00001344 _____ C:\Windows\Tasks\PRTKUAT.job
2016-03-14 14:59 - 2015-01-06 20:12 - 00001688 _____ C:\Windows\Tasks\GGHSMEV.job
2016-03-14 14:25 - 2014-07-10 13:25 - 00000296 _____ C:\Windows\Tasks\UpdaterEX.job
2015-08-03 13:36 - 2015-08-03 13:36 - 6420480 _____ () C:\Program Files (x86)\GUT472E.tmp
2016-02-05 13:34 - 2016-02-05 13:34 - 6871040 _____ () C:\Program Files (x86)\GUTB55A.tmp
2015-07-07 22:11 - 2015-08-07 20:03 - 0000024 _____ () C:\Users\Brenda\AppData\Roaming\appdataFr25.bin
2014-04-18 15:08 - 2014-04-18 15:08 - 0001174 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.quick.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000000 _____ () C:\Users\Brenda\AppData\Roaming\aps.scan.results
2014-04-18 15:08 - 2014-04-18 15:08 - 0000318 _____ () C:\Users\Brenda\AppData\Roaming\aps.uninstall.scan.results
2014-07-10 13:25 - 2015-01-21 01:39 - 0000152 _____ () C:\Users\Brenda\AppData\Roaming\WB.CFG
Task: {A8E46C48-1733-40FA-875A-145DCB20EDFF} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe <==== ATTENTION
Task: {B2AA4FE6-80F1-46A0-8121-843AA5B16C1B} - System32\Tasks\GGHSMEV => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: {BF3BB324-7C4F-4AE3-AC7D-233E25BA3E12} - System32\Tasks\UpdaterEX => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {DCF9D420-1528-468B-8FE3-1351D495047A} - System32\Tasks\PRTKUAT => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: C:\Windows\Tasks\GGHSMEV.job => C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe <==== ATTENTION
Task: C:\Windows\Tasks\PRTKUAT.job => C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Brenda\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
FirewallRules: [{9AA14AFA-2ADB-47FF-A833-44348FA6316C}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{82E3B2F6-DD83-4BE2-ADE6-D83660D9D296}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{1D7C8E6A-3A49-4C4B-A1DD-EADBC8DCAFDC}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{40C94247-6544-47E5-94EA-432DF3AE5D3C}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
 
C:\Program Files (x86)\Coupons
C:\Program Files (x86)\Super Optimizer
C:\Users\Brenda\AppData\Roaming\UPDATE~1
C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe
C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edf0e634-8006-11e4-86b4-009c021861a2}" => key removed successfully
HKCR\CLSID\{edf0e634-8006-11e4-86b4-009c021861a2} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E6356A1-70A1-450F-A58A-F975AF705B2B}" => key removed successfully
HKCR\CLSID\{1E6356A1-70A1-450F-A58A-F975AF705B2B} => key not found. 
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => key removed successfully
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{25515A79-C1C7-4B97-97F8-31A711694487} => value removed successfully
"HKCR\Wow6432Node\CLSID\{25515A79-C1C7-4B97-97F8-31A711694487}" => key removed successfully
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25515A79-C1C7-4B97-97F8-31A711694487} => value removed successfully
HKCR\CLSID\{25515A79-C1C7-4B97-97F8-31A711694487} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => key removed successfully
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => not found.
C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
CouponPrinterService => service not found.
GamesAppService => service removed successfully
clwvd => service removed successfully
MBAMSwissArmy => service removed successfully
X6va011 => service removed successfully
C:\Windows\Tasks\PRTKUAT.job => moved successfully
C:\Windows\Tasks\GGHSMEV.job => moved successfully
C:\Windows\Tasks\UpdaterEX.job => moved successfully
C:\Program Files (x86)\GUT472E.tmp => moved successfully
C:\Program Files (x86)\GUTB55A.tmp => moved successfully
C:\Users\Brenda\AppData\Roaming\appdataFr25.bin => moved successfully
C:\Users\Brenda\AppData\Roaming\aps.scan.quick.results => moved successfully
C:\Users\Brenda\AppData\Roaming\aps.scan.results => moved successfully
C:\Users\Brenda\AppData\Roaming\aps.uninstall.scan.results => moved successfully
C:\Users\Brenda\AppData\Roaming\WB.CFG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8E46C48-1733-40FA-875A-145DCB20EDFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8E46C48-1733-40FA-875A-145DCB20EDFF}" => key removed successfully
C:\Windows\System32\Tasks\Super Optimizer Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2AA4FE6-80F1-46A0-8121-843AA5B16C1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AA4FE6-80F1-46A0-8121-843AA5B16C1B}" => key removed successfully
C:\Windows\System32\Tasks\GGHSMEV => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GGHSMEV" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF3BB324-7C4F-4AE3-AC7D-233E25BA3E12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF3BB324-7C4F-4AE3-AC7D-233E25BA3E12}" => key removed successfully
C:\Windows\System32\Tasks\UpdaterEX => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF9D420-1528-468B-8FE3-1351D495047A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF9D420-1528-468B-8FE3-1351D495047A}" => key removed successfully
C:\Windows\System32\Tasks\PRTKUAT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PRTKUAT" => key removed successfully
C:\Windows\Tasks\GGHSMEV.job => not found.
C:\Windows\Tasks\PRTKUAT.job => not found.
C:\Windows\Tasks\UpdaterEX.job => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AA14AFA-2ADB-47FF-A833-44348FA6316C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82E3B2F6-DD83-4BE2-ADE6-D83660D9D296} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D7C8E6A-3A49-4C4B-A1DD-EADBC8DCAFDC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40C94247-6544-47E5-94EA-432DF3AE5D3C} => value removed successfully
"C:\Program Files (x86)\Coupons" => not found.
"C:\Program Files (x86)\Super Optimizer" => not found.
"C:\Users\Brenda\AppData\Roaming\UPDATE~1" => not found.
"C:\Users\Brenda\AppData\Roaming\GGHSMEV.exe" => not found.
"C:\Users\Brenda\AppData\Roaming\PRTKUAT.exe" => not found.
EmptyTemp: => 4.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:29:30 ====
 
# AdwCleaner v5.102 - Logfile created 19/03/2016 at 20:36:53
# Updated 13/03/2016 by Xplode
# Database : 2016-03-19.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brenda - BRENDA-HP
# Running from : C:\Users\Brenda\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\NetCrawl
Folder Found : C:\Program Files (x86)\VideoPerformer
Folder Found : C:\ProgramData\InstallSightSDK
Folder Found : C:\ProgramData\3ede5fd1000017e6
Folder Found : C:\ProgramData\6625434491500780501
Folder Found : C:\ProgramData\{c1dc73da-ea18-f5f0-c1dc-c73daea1cf6b}
Folder Found : C:\ProgramData\{c74fe8e9-6d55-1bd8-c74f-fe8e96d5a3a5}
Folder Found : C:\ProgramData\{d0fde706-5a1d-e487-d0fd-de7065a19c19}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
Folder Found : C:\Users\Brenda\AppData\Local\BitLord
Folder Found : C:\Users\Brenda\AppData\Local\Conduit
Folder Found : C:\Users\Brenda\AppData\Local\globalUpdate
Folder Found : C:\Users\Brenda\AppData\Local\NativeMessaging
Folder Found : C:\Users\Brenda\AppData\LocalLow\Conduit
Folder Found : C:\Users\Brenda\AppData\Roaming\BitLord
Folder Found : C:\Users\Brenda\AppData\Roaming\Super Optimizer
Folder Found : C:\Windows\SysWOW64\SearchProtect
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\tkt29lin.default\invalidprefs.js
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : OpenCandyHelperRunOnce
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VideoPerformer.exe
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SmartSaver+ 8-bg.exe]
Key Found : HKLM\SOFTWARE\2f42c221-00d8-8287-237a-86e33b7fe16e
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed331a23}
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\onekit
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\WebBar
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\Taronja
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Found : HKU\.DEFAULT\Software\IBUpdaterService
Key Found : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\APN PIP
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Conduit
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\GlobalUpdate
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\InstalledBrowserExtensions
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\InstalledThirdPartyPrograms
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\onekit
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\pc optimizer pro
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\performersoft llc
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Rocket Browser
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Super Optimizer
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\UpdaterEX
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\WEBAPP
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\WebBar
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\NetCrawl
Key Found : HKU\S-1-5-18\Software\IBUpdaterService
Key Found : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=websearch.coolfindings.info%2F%3Fpid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS&OSP=websearch.coolfindings.info%2F%3Fl%3D1%26q%3D%7BsearchTerms%7D%26pid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS
Data Found : HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=websearch.coolfindings.info%2F%3Fpid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS&OSP=websearch.coolfindings.info%2F%3Fl%3D1%26q%3D%7BsearchTerms%7D%26pid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{51FD1A99-03CF-43EB-A888-457278BFD21B}C:\program files (x86)\bitlord\bitlord.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{DEBF8010-7219-485F-8EE0-9F83B8687F9A}C:\program files (x86)\bitlord\bitlord.exe]
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
 
***** [ Web browsers ] *****
 
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : iagcajndpnfncplednpbnkahadegklfa
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ibnjmihbbanannlbobkbmnmckjnmdnom
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : oiokahphinmbmakkehgelkmpolmnbkdh
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [10715 bytes] - [19/03/2016 20:36:53]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [10809 bytes] ##########
 

  • 0

#8
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

When attempting to remove LighterProc from my list of installed programs, I was greeted with a prompt and the prompt said the specified module could not be found. I have no option to remove it. 


  • 0

#9
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi Robbie Babikoff,
 
You did not post your new FRST log, I will require it in my next post.

 

I was greeted with a prompt and the prompt said the specified module could not be found

 

Is the entire error message only contains "the specified module could not be found" or there is some other messages?

 

It could be such that the program is already removed, but only reside on the uninstall list. I will be able to understand more from your next FRST log.


JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.pngRe-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt

 

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:

  • JRT log
  • AdwCleaner log
  • FRST log
  • FRST Addition log

  • 0

#10
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Brenda (administrator) on BRENDA-HP (20-03-2016 10:26:55)
Running from C:\Users\Brenda\Desktop
Loaded Profiles: Brenda (Available Profiles: Brenda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Brenda\Desktop\AdwCleaner.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2012-03-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Facebook Update] => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Epson Stylus NX430(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2012-03-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Spotify Web Helper] => C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-26] (Spotify Ltd)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{58FCA57B-8E3E-4635-829C-5B717E7CE575}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=websearch.coolfindings.info%2F%3Fpid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS&OSP=websearch.coolfindings.info%2F%3Fl%3D1%26q%3D%7BsearchTerms%7D%26pid%3D24379%26r%3D2015%2F05%2F23%26hid%3D13109253756942398304%26lg%3DEN%26cc%3DUS
URLSearchHook: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> Default = {b843a48a-b70f-45cd-a15a-6c2b30c2c11e}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\tkt29lin.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-13] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-10-17] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/iggweb3dupdater -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/joyconnectshell -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brenda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-12] (Unity Technologies ApS)
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-24] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.facebook.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
R2 RealPlayer Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1418336 2013-11-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [20232 2012-06-07] (Handset Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-20 10:26 - 2016-03-20 10:27 - 00022613 _____ C:\Users\Brenda\Desktop\FRST.txt
2016-03-19 20:36 - 2016-03-19 20:36 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-19 20:35 - 2016-03-19 20:35 - 01527296 _____ C:\Users\Brenda\Desktop\AdwCleaner.exe
2016-03-19 20:24 - 2016-03-19 20:29 - 00013172 _____ C:\Users\Brenda\Desktop\Fixlog.txt
2016-03-19 20:18 - 2016-03-19 20:18 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 20:18 - 2016-03-19 20:18 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-19 20:09 - 2016-03-19 20:09 - 00987728 _____ (Google Inc.) C:\Users\Brenda\Desktop\ChromeSetup.exe
2016-03-14 23:15 - 2016-03-14 23:15 - 00416591 _____ C:\Users\Brenda\Documents\Kitchen Team- Prep Cook.pdf
2016-03-14 23:11 - 2016-03-14 23:11 - 00416637 _____ C:\Users\Brenda\Documents\Kitchen Team- Line Cook.pdf
2016-03-14 23:06 - 2016-03-14 23:06 - 00417766 _____ C:\Users\Brenda\Documents\Kitchen Team- Dishes and Dining Hall Attendant.pdf
2016-03-14 19:53 - 2016-03-14 19:53 - 00050708 _____ C:\Users\Brenda\Desktop\3-14-16-edible-order-form.pdf
2016-03-14 15:14 - 2016-03-20 10:26 - 00000000 ____D C:\FRST
2016-03-14 15:13 - 2016-03-14 15:14 - 02374144 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2016-03-14 15:02 - 2016-03-19 12:01 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-14 15:02 - 2016-03-19 12:01 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-12 20:54 - 2016-03-12 20:54 - 00265223 _____ C:\Users\Brenda\Desktop\Babikoff Resume 6_13_14(1).pdf
2016-03-12 13:00 - 2016-03-12 13:00 - 00003114 _____ C:\Windows\System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5}
2016-03-12 12:27 - 2016-03-12 12:27 - 00000000 ____H C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2016-03-12 12:21 - 2016-03-12 12:21 - 00000000 _____ C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
2016-03-12 12:14 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-12 12:14 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-12 12:14 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-12 12:14 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-12 12:14 - 2016-02-05 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-12 12:14 - 2016-02-05 10:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-12 12:14 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 12:14 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-12 12:14 - 2016-02-04 10:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-12 12:14 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-12 12:14 - 2016-01-11 12:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-12 12:14 - 2015-11-19 07:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:13 - 2016-02-08 23:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 23:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 14:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 13:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-12 12:13 - 2016-02-08 13:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-12 12:13 - 2016-02-08 13:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-12 12:13 - 2016-02-08 13:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 13:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 13:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-12 12:13 - 2016-02-08 13:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-12 12:13 - 2016-02-08 13:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 13:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 13:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 13:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-12 12:13 - 2016-02-08 13:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-12 12:13 - 2016-02-08 13:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 13:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-12 12:13 - 2016-02-08 13:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 13:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 13:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 12:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-12 12:13 - 2016-02-08 12:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-12 12:13 - 2016-02-08 12:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-12 12:13 - 2016-02-08 11:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 11:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-12 12:13 - 2016-02-08 11:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 11:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 11:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-12 12:13 - 2016-02-08 11:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-12 12:13 - 2016-02-08 11:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-12 12:13 - 2016-02-08 11:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 11:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-12 12:13 - 2016-02-08 11:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-12 12:13 - 2016-02-08 11:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 11:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-12 12:13 - 2016-02-08 11:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 10:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 10:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-12 12:13 - 2016-02-08 10:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-12 12:13 - 2016-02-08 10:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 10:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 10:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-12 12:13 - 2016-02-08 10:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-12 12:13 - 2016-02-08 10:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-12 12:13 - 2016-02-08 10:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 10:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 10:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-12 12:13 - 2016-02-08 10:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-12 12:13 - 2016-02-08 09:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-12 12:12 - 2016-02-11 11:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-12 12:12 - 2016-02-11 11:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-12 12:12 - 2016-02-11 11:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-12 12:12 - 2016-02-11 10:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-12 12:12 - 2016-02-11 10:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-12 12:12 - 2016-02-11 10:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-12 12:12 - 2016-02-11 10:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-12 12:12 - 2016-02-11 10:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-12 12:12 - 2016-02-11 10:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:11 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 12:11 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-12 12:10 - 2016-02-19 12:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-12 12:10 - 2016-02-19 11:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-12 12:10 - 2016-02-19 07:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-12 12:10 - 2016-02-11 07:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-12 12:10 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-12 12:10 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-04 09:58 - 2016-03-19 13:43 - 00003366 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-02-29 12:48 - 2016-02-29 12:49 - 00000000 ____D C:\9a392ad229231899ea2b1a
2016-02-29 11:43 - 2016-03-12 09:03 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBrenda
2016-02-29 11:43 - 2016-03-12 09:03 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
2016-02-26 13:02 - 2016-03-04 10:18 - 00000000 ____D C:\Users\Brenda\Documents\Resumes
2016-02-26 11:41 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-26 11:41 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-26 11:35 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-26 11:34 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-26 11:34 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-26 11:24 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-26 11:24 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-26 11:23 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-26 11:23 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-26 11:23 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-26 11:23 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-20 10:26 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-20 10:26 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-20 10:21 - 2012-08-24 12:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 10:20 - 2012-06-03 16:46 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job
2016-03-20 10:20 - 2012-04-01 17:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-19 20:38 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-19 20:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-19 20:31 - 2012-08-24 12:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-19 20:30 - 2012-08-24 12:59 - 00000000 ____D C:\Program Files\Google
2016-03-19 20:30 - 2012-08-24 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-19 20:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-19 20:25 - 2012-05-31 13:56 - 00000000 ___SD C:\Users\Brenda\AppData\LocalLow\Temp
2016-03-19 20:12 - 2014-11-29 11:54 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieBrowserModeList
2016-03-19 20:12 - 2014-11-27 15:04 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieBrowserModeList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieUserList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieUserList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieSiteList
2016-03-19 20:12 - 2014-04-14 09:08 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieSiteList
2016-03-19 20:12 - 2012-08-24 12:58 - 00000000 ____D C:\Users\Brenda\AppData\Local\Google
2016-03-19 16:46 - 2012-06-03 16:46 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job
2016-03-19 13:43 - 2015-08-26 08:42 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-19 12:09 - 2012-03-03 12:23 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F37CBA61-F619-4F41-A793-54729BB1184D}
2016-03-14 23:15 - 2012-05-17 19:46 - 00573952 ___SH C:\Users\Brenda\Documents\Thumbs.db
2016-03-14 17:58 - 2014-05-23 12:19 - 02878976 ___SH C:\Users\Brenda\Downloads\Thumbs.db
2016-03-13 19:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-03-13 13:15 - 2009-07-13 21:45 - 00413160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-13 13:12 - 2014-12-11 06:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 09:55 - 2012-04-01 17:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 09:55 - 2012-04-01 17:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-13 09:54 - 2011-08-08 21:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-13 09:51 - 2013-07-17 05:54 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 09:31 - 2012-03-10 22:01 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-13 01:21 - 2016-02-13 07:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-12 20:43 - 2007-01-01 18:25 - 00000000 ____D C:\Windows\Panther
2016-03-12 12:49 - 2011-08-08 21:45 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-03-12 12:46 - 2011-08-08 21:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-12 10:59 - 2015-03-18 10:11 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 09:05 - 2012-03-03 12:51 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-12 09:03 - 2012-10-31 05:13 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job
2016-03-12 09:02 - 2012-10-31 05:13 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBRENDA-HP$
2016-03-03 16:17 - 2012-03-09 07:04 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Epson
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-29 12:49 - 2014-05-07 07:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-29 12:43 - 2011-08-08 21:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-02-29 12:43 - 2011-08-08 21:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-29 12:41 - 2011-08-08 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-29 11:52 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup
2016-02-29 11:27 - 2015-01-08 17:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-29 11:27 - 2012-03-03 12:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-26 11:48 - 2009-07-13 19:34 - 00000580 _____ C:\Windows\win.ini
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-11-04 16:53 - 2014-12-05 12:33 - 0000111 _____ () C:\Users\Brenda\AppData\Roaming\sdole32.ini
2016-03-12 12:27 - 2016-03-12 12:27 - 0000000 ____H () C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2015-01-19 22:39 - 2015-01-19 22:39 - 0000001 _____ () C:\Users\Brenda\AppData\Local\DSI.DAT
2015-05-24 00:23 - 2015-05-24 00:23 - 0000000 _____ () C:\Users\Brenda\AppData\Local\Temp.dat
2016-03-12 12:21 - 2016-03-12 12:21 - 0000000 _____ () C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
 
Some files in TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 04:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brenda (2016-03-20 10:29:14)
Running from C:\Users\Brenda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-03 19:13:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2178881584-2744589791-4175445109-500 - Administrator - Disabled)
Brenda (S-1-5-21-2178881584-2744589791-4175445109-1001 - Administrator - Enabled) => C:\Users\Brenda
Guest (S-1-5-21-2178881584-2744589791-4175445109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2178881584-2744589791-4175445109-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LighterProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed331a23}) (Version:  - Software Publisher) <==== ATTENTION
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Pascal Handset USB Driver (HKLM\...\{9B00E99F-83A4-40d4-B987-7EB04F722BB7}) (Version:  - ZTE Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE Z768G Handset USB Driver (HKLM\...\{E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70}_is1) (Version: 3.0.0.01 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1114ADD5-F5C6-4C9B-9C72-CB4482A9146E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {19836291-3B1C-464C-A521-62213FAD157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {1B1D62D6-941C-4B04-B86D-F26342554F22} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-10-17] (RealNetworks, Inc.)
Task: {1C726821-5CDA-4DF8-8D28-34BD22659AF4} - System32\Tasks\{D14D5478-E947-48EE-92E8-1E8A60AA0F82} => pcalua.exe -a "C:\Users\Brenda\Downloads\GamersUnite_SnagBar (1).exe" -d C:\Users\Brenda\Desktop
Task: {1FD989F3-1661-48E6-92E0-692ABFD48B15} - System32\Tasks\{4C2BA0D3-9A1D-4EDC-AB47-9A0C88E462F8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {506E90ED-8A74-4C4D-B7A4-2A7B9D26F8C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {534CBF3F-AEA8-451B-82AE-811914863696} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5830A420-EDDD-4B58-895F-8712B5B48B50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {6C842032-DECC-4507-B1F9-7AF77B1C0F3A} - System32\Tasks\{729041D1-F38F-4BBE-8EE0-2C33F42A849B} => pcalua.exe -a C:\Users\Brenda\Downloads\GamersUnite_SnagBar.exe -d C:\Users\Brenda\Desktop
Task: {6DCAFF31-E40D-4FFE-9B77-E1896D3641FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-13] (Adobe Systems Incorporated)
Task: {7F6047E7-D8B6-4A8A-A5B5-38F61B99BE1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {892F8B90-D47A-473F-B77E-B2D6AF4F6AB2} - System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {91EFD7A1-9704-4B2E-A0A2-34B2C123590B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-11-13] (Hewlett-Packard)
Task: {9D4502CE-5122-46DA-A45A-E8F7602200C6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {A1D24166-EAF4-4DE6-BBFE-7E356DA2C5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {A3CBFE28-6585-4258-B9E6-A87C606322E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {AB38C168-2F96-4534-823D-6CBA521E6868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {B4593B6A-C53F-41C8-BB9B-9B5E231893DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {B621043B-719B-4537-8F94-F43E5B963A4E} - System32\Tasks\HPCeeScheduleForBrenda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BC4C13A5-6C1B-4DB1-9E3A-DD49A667F195} - System32\Tasks\HPCeeScheduleForBRENDA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DBB06268-ACD1-4FD1-839D-5A4C5942E1EA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {E9A7B192-4B44-4E96-87A7-3C99735A3EC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrenda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-07-05 12:27 - 2011-07-05 12:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-17 19:08 - 2013-10-17 19:08 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-25 15:39 - 2013-10-25 15:39 - 00029320 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-07-05 12:27 - 2011-07-05 12:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 12:13 - 2011-07-05 12:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-03-19 20:35 - 2016-03-19 20:35 - 01527296 _____ () C:\Users\Brenda\Desktop\AdwCleaner.exe
2013-11-13 17:26 - 2013-11-13 17:26 - 00857184 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-25 15:38 - 2013-10-25 15:38 - 00026760 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-03-19 20:18 - 2016-03-07 19:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-19 20:18 - 2016-03-07 19:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{92589284-1F64-4BE9-BB82-449013434DF5}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{7059C0E3-C716-4955-8741-4D339D51803D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{53D0F711-5858-49A4-A527-EC688C6F67EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7889874D-907F-40BE-B6F7-4FDC0145F70D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}] => (Allow) LPort=2869
FirewallRules: [{06D64F51-1E72-4DB9-93ED-2BBE70544A51}] => (Allow) LPort=1900
FirewallRules: [{2520B914-6504-47E7-A090-757E8740E293}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D2E25034-8BEE-44C8-A27A-C7A47A55A732}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{24CCFC2E-4059-49C9-9184-7590F3CC64D9}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0815A371-0064-4785-9B8D-93A26FFE78B6}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{85D638D7-8941-450F-80F9-0B866A8119C2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9BEDF61D-5CDD-48EA-A2EB-6973FEFD615B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BF515693-C5F3-4D26-ABDA-B688A383E6E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5399727D-D447-4EA4-9695-B1A0D78FAD6F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{01ECF1B3-851D-4E6B-BB89-13423B3B4500}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1ED9186D-65B9-4850-B456-E687FCBD4E0F}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AA39AEE1-1D4D-49DC-AEB7-E34B5D036444}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{0614C67E-064E-4296-9D16-6008116441ED}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{50381F9C-1B5C-463A-9ABA-F37B9E7E5301}] => (Allow) LPort=443
FirewallRules: [{9E5DBC6D-5C5C-468D-AD20-10E39F7218F9}] => (Allow) LPort=443
FirewallRules: [{517912DB-DD82-4150-964B-060AF84A1B9F}] => (Allow) LPort=37674
FirewallRules: [{31077B10-0470-4EFE-8C75-BB17C5769A04}] => (Allow) LPort=37674
FirewallRules: [{04B62C9D-9BB7-4E83-8EB8-19531D562AAE}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{D48D959E-1EFA-48F7-97F2-3CA705DB34CF}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0846A008-39EB-468D-A65B-0763D7A831B9}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BB14D91E-8327-4C56-B3F7-804DB03799DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E36444C9-11FF-4EB9-BBD9-F222909E996A}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{48BCC334-341E-41CE-8E44-43191A34DA9F}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{4F59E603-DF5D-4F31-A686-3B224879788A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{5D16FEEC-87A3-4393-90A3-2DA0AA75D26D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D6087E1D-F951-4DE7-9914-3D562BA25134}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9D45FFE6-64FE-4943-ABBF-845D3EA5B174}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9948AD5B-1C51-4F04-9E07-7CE010ECF40D}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{344705B8-5582-410D-90C1-91BC0B835EA3}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{81878CC2-25D7-425C-8D23-56965B6390AF}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{5DD9B5A3-3425-472D-A98B-50A1A71166A7}] => (Allow) C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{31E0F40C-F2EB-4615-8118-4C36E2CEFD7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{14686EF1-99D2-453C-A7BD-7C2AF9818589}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F73B4DB-9787-4949-A1BA-C26F0D110587}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{51B7E8A4-C7E6-4244-9214-D5E4713C57CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CE530119-B23C-40D2-9EE6-E660B06064C5}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [UDP Query User{19784EE9-44A7-4DA9-A69B-AEA12FD5E2E8}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{1CF8ACC6-AF43-49E4-B1DB-CB695D0A8A7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F450284A-E8EF-4B48-9942-A707C3505103}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84D11AC6-1D96-4F76-8ADF-B47C8EE54B2F}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{8002D51C-E6A6-42A0-B78D-7AF4777D2FD3}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{CBF34E64-8275-489C-9218-38E7A51E1D02}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{18850104-97FC-437B-A146-87D6D6FB0368}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BFB53E5F-4C1F-4552-9A17-884319F6D47C}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{BFB1CA53-8770-4627-AA64-92702A2283CD}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{E034FF50-F500-4F31-831C-6A0FC1699F80}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B3D652AD-7754-454F-8492-3572FE266A5B}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{860ED4ED-9CE5-47F7-9862-014C6C4D6C24}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AFA78F06-4076-47E4-B53F-F02127CC0C3A}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2D41F9F4-D139-44DA-A0F9-5B0BC7048654}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{E175672D-DC66-49A8-BF16-7EE0D5318C56}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [TCP Query User{08E815D7-DE40-4F99-9047-82D7063F5201}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB5F8820-E976-4754-934B-F45D18B5F229}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [{74C81E8D-556E-4CA8-B3BE-A5CB374E856E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{680874DA-8958-49CD-BADC-4E7748DE518E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{E16CAFEE-5C85-4501-89C8-DABEBB4C4E35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EDF802B-BA14-4BE1-8DD4-9B7468322A79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3520EB3-55E8-4CB7-A70E-90128F7490C0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{18C9868B-5A81-45F7-8B9C-D57385172E48}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1386914-28C2-4CDF-9C72-E5D11DAA5403}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26D539C5-D7A9-4632-8D00-D23392857DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{11C87F29-0F24-4E7A-B783-65CB09B7037F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{51FD1A99-03CF-43EB-A888-457278BFD21B}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{DEBF8010-7219-485F-8EE0-9F83B8687F9A}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [{4AB7D9E5-A9CC-458A-9E86-C17B3C9027AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{747398F9-47A2-41BB-9651-8DE0F5539018}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{52122C4E-0A2F-4582-A1E5-710523ED2497}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{F592189D-03E5-4DE3-AA92-212E4FB3C5E6}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{9A20CEA6-3F70-4D8E-9E72-FF206B4A98D3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{B48E372E-4462-41E1-9A1D-36D6EFAC7C89}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{8589E86F-EB1C-4CFA-AFD1-EBD5DBF3CC20}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{DAF734F9-F4DE-4F28-A488-5CDEA8C777AB}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{81C805D7-60AE-4CA7-B453-3CD76422C0B5}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{4EFEF6F3-6F4C-4384-9446-CB4AFC7D944B}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [UDP Query User{5853209D-962E-4B9B-8BC5-FEE6798477DE}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [{DEF491B4-0C10-40F0-A695-3CD1957858D4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{687A6F72-689D-47A6-BB00-D1D54BC37B2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-03-2016 09:25:04 Windows Update
17-03-2016 08:25:43 Windows Update
19-03-2016 20:13:44 Removed Google Drive
19-03-2016 20:24:17 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2016 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 04:49:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 04:46:31 PM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/19/2016 01:42:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 12:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 11:58:17 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/18/2016 08:31:25 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/17/2016 09:20:24 PM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/17/2016 12:41:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/17/2016 12:38:06 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
 
System errors:
=============
Error: (03/19/2016 08:25:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/19/2016 08:24:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/19/2016 08:24:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (03/19/2016 08:24:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 3690.91 MB
Available physical RAM: 1316.37 MB
Total Virtual: 7380.02 MB
Available Virtual: 4980.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.98 GB) (Free:368.53 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:14.61 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27DA6E45)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#11
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

For organizational purposes i'm seperating the steps in seperate replies. 

 

Next step in my next reply. 


  • 0

#12
Robbie Babikoff

Robbie Babikoff

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Brenda (Administrator) on Sun 03/20/2016 at 10:38:50.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 66 
 
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\3ede5fd1000017e6 (Folder) 
Successfully deleted: C:\ProgramData\6625434491500780501 (Folder) 
Successfully deleted: C:\ProgramData\installsightsdk (Folder) 
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\super optimizer (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\{0446139C-640A-45B1-B92A-824502816C06} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{14B6D85D-D6AF-4BF9-AC39-C364E03E9D62} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{2219D623-C532-4D97-A880-1DAB907A36EC} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{24B42812-7F81-4FFE-B3F3-837359EE604A} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{2C4CEE5B-33FC-4EEE-B253-428333273287} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{2D28687E-FB44-48E8-BDF6-37D43A25DF73} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{3FD304F7-2458-4B25-9DAC-DCB09C7CC3A3} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{46446931-F12F-4090-A0FA-6137EB59A229} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{47FA5626-D20B-490C-B67D-82C353CDA873} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{500B97A1-2B27-4D17-9F5D-051744D31508} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{61254239-F4A3-47A9-B140-0DB54A6DB828} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{631388C1-A8A1-4EFF-93C3-6A59DCB94646} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{70CAF03A-E317-4ADE-8551-37C6EBB02226} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{712016DB-3EBA-4DF8-AFED-D92510FBB7F0} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{77B6C961-F6D4-4285-BAB6-A82052F94061} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{7AD1CE6B-134E-4B77-B8BD-09F3BE002885} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{9366920E-A71E-4737-8E1C-46695BA40AA7} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{93CEC467-3383-4940-B583-E01347EFE66C} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{96AAE446-A05B-4973-A814-238B0A37534C} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{9D63177C-2A95-49F2-9667-A1FE6CCFEEFE} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{A073F3F6-B43D-43CE-8882-48D057CF3234} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{A955BD74-40E9-4671-9E62-E5F972E5D7EA} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{B3CECBEA-2C65-41DC-AAD2-1A36B45842BD} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{B93E96E9-23BC-418A-A8F3-62C3A7F56FCD} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{BDA73EB3-EB35-4B33-8ABB-CAAB89ABC607} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{C4A2775F-4F59-481B-895F-A26A0034A186} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{C62765B4-4EC8-4CA4-B786-7D3305429854} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{C6BEC8BA-C048-4873-90FE-7FBB43E1AD3B} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{D3719CF9-AA5B-4B50-898C-78FA7B96E615} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{D8FEC985-F97B-49A1-92D1-1ECFD53E3470} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{D96B821B-EC27-48A7-A560-5D8092FB965E} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{DCE5E090-0A78-4C08-8860-239EEDFFEADE} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{DE04D0F1-21CC-402D-8F38-A6217C029E81} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{DEB127F8-0D2F-4228-AB9D-5CB7EB8CC47B} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{E1E36174-E5B8-4288-B119-622A4933ABF8} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\{E36F38C5-8CE9-4F25-AA27-45589A602A68} (Empty Folder)
Successfully deleted: C:\Users\Brenda\AppData\Local\conduit (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\cre (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\globalupdate (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\nativemessaging (Folder) 
Successfully deleted: C:\Users\Brenda\Appdata\LocalLow\conduit (Folder) 
Successfully deleted: C:\Users\Brenda\Appdata\LocalLow\FCTB000062781 (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Roaming\dll-files.com (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\tkt29lin.default\Invalidprefs.js (File) 
Successfully deleted: C:\Users\Brenda\AppData\Roaming\nico mak computing (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Roaming\super optimizer (Folder) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\globalupdate (Folder) 
Successfully deleted: C:\Program Files (x86)\netcrawl (Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADL21WNN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F05PP1H0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRUZ8HOO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKDRE2OO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-E499780F.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADL21WNN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F05PP1H0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRUZ8HOO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKDRE2OO (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\First Home Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/20/2016 at 10:45:16.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v5.102 - Logfile created 20/03/2016 at 10:51:29
# Updated 13/03/2016 by Xplode
# Database : 2016-03-20.6 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Brenda - BRENDA-HP
# Running from : C:\Users\Brenda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\VideoPerformer
[-] Folder Deleted : C:\ProgramData\{c1dc73da-ea18-f5f0-c1dc-c73daea1cf6b}
[-] Folder Deleted : C:\ProgramData\{c74fe8e9-6d55-1bd8-c74f-fe8e96d5a3a5}
[-] Folder Deleted : C:\ProgramData\{d0fde706-5a1d-e487-d0fd-de7065a19c19}
[-] Folder Deleted : C:\Users\Brenda\AppData\Local\BitLord
[-] Folder Deleted : C:\Users\Brenda\AppData\Roaming\BitLord
[-] Folder Deleted : C:\Windows\SysWOW64\SearchProtect
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : OpenCandyHelperRunOnce
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VideoPerformer.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SmartSaver+ 8-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\2f42c221-00d8-8287-237a-86e33b7fe16e
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed331a23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.FCTB000062781Pos.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000062781.JSOptionsImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
[-] Key Deleted : HKCU\Software\onekit
[-] Key Deleted : HKCU\Software\pc optimizer pro
[-] Key Deleted : HKCU\Software\performersoft llc
[-] Key Deleted : HKCU\Software\Rocket Browser
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\WebBar
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\ORBTR
[-] Key Deleted : HKLM\SOFTWARE\Taronja
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
[-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\NetCrawl
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{51FD1A99-03CF-43EB-A888-457278BFD21B}C:\program files (x86)\bitlord\bitlord.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{DEBF8010-7219-485F-8EE0-9F83B8687F9A}C:\program files (x86)\bitlord\bitlord.exe]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : iagcajndpnfncplednpbnkahadegklfa
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ibnjmihbbanannlbobkbmnmckjnmdnom
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oilkkkefbalmbfppgjmgjoefbclebkce
[-] [C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oiokahphinmbmakkehgelkmpolmnbkdh
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [7665 bytes] - [20/03/2016 10:51:29]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [10929 bytes] - [19/03/2016 20:36:53]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [8994 bytes] - [20/03/2016 10:47:09]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [7945 bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Brenda (administrator) on BRENDA-HP (20-03-2016 10:57:12)
Running from C:\Users\Brenda\Desktop
Loaded Profiles: Brenda (Available Profiles: Brenda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2012-03-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Facebook Update] => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Epson Stylus NX430(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2012-03-07] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Spotify Web Helper] => C:\Users\Brenda\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-26] (Spotify Ltd)
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Brenda\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{58FCA57B-8E3E-4635-829C-5B717E7CE575}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
URLSearchHook: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> Default = {b843a48a-b70f-45cd-a15a-6c2b30c2c11e}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {4B342B10-2336-4B0C-AF73-1F2AE13FDDB0} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\tkt29lin.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.5.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.2.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-13] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-10-17] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/iggweb3dupdater -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @g2.com/joyconnectshell -> C:\Users\Brenda\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [2012-04-19] (IGG)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2178881584-2744589791-4175445109-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Brenda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-12] (Unity Technologies ApS)
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-02-24] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-05-13] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{56D10AE9-6227-455E-95C3-73CD63A091EC}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.facebook.com/
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Brenda\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-10-17] ()
R2 RealPlayer Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1418336 2013-11-13] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [29320 2013-10-25] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 massfilter_brcm; C:\Windows\system32\drivers\massfilter_brcm.sys [20232 2012-06-07] (Handset Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-20 10:45 - 2016-03-20 10:45 - 00007734 _____ C:\Users\Brenda\Desktop\JRT.txt
2016-03-20 10:37 - 2016-03-20 10:38 - 01610352 _____ (Malwarebytes) C:\Users\Brenda\Desktop\JRT.exe
2016-03-20 10:29 - 2016-03-20 10:31 - 00040920 _____ C:\Users\Brenda\Desktop\Addition.txt
2016-03-20 10:26 - 2016-03-20 10:59 - 00021056 _____ C:\Users\Brenda\Desktop\FRST.txt
2016-03-19 20:36 - 2016-03-20 10:51 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-19 20:35 - 2016-03-19 20:35 - 01527296 _____ C:\Users\Brenda\Desktop\AdwCleaner.exe
2016-03-19 20:24 - 2016-03-19 20:29 - 00013172 _____ C:\Users\Brenda\Desktop\Fixlog.txt
2016-03-19 20:18 - 2016-03-19 20:18 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 20:18 - 2016-03-19 20:18 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-19 20:09 - 2016-03-19 20:09 - 00987728 _____ (Google Inc.) C:\Users\Brenda\Desktop\ChromeSetup.exe
2016-03-14 23:15 - 2016-03-14 23:15 - 00416591 _____ C:\Users\Brenda\Documents\Kitchen Team- Prep Cook.pdf
2016-03-14 23:11 - 2016-03-14 23:11 - 00416637 _____ C:\Users\Brenda\Documents\Kitchen Team- Line Cook.pdf
2016-03-14 23:06 - 2016-03-14 23:06 - 00417766 _____ C:\Users\Brenda\Documents\Kitchen Team- Dishes and Dining Hall Attendant.pdf
2016-03-14 19:53 - 2016-03-14 19:53 - 00050708 _____ C:\Users\Brenda\Desktop\3-14-16-edible-order-form.pdf
2016-03-14 15:14 - 2016-03-20 10:57 - 00000000 ____D C:\FRST
2016-03-14 15:13 - 2016-03-14 15:14 - 02374144 _____ (Farbar) C:\Users\Brenda\Desktop\FRST64.exe
2016-03-14 15:02 - 2016-03-19 12:01 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-14 15:02 - 2016-03-19 12:01 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-12 20:54 - 2016-03-12 20:54 - 00265223 _____ C:\Users\Brenda\Desktop\Babikoff Resume 6_13_14(1).pdf
2016-03-12 13:00 - 2016-03-12 13:00 - 00003114 _____ C:\Windows\System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5}
2016-03-12 12:27 - 2016-03-12 12:27 - 00000000 ____H C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2016-03-12 12:21 - 2016-03-12 12:21 - 00000000 _____ C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
2016-03-12 12:14 - 2016-02-12 11:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-12 12:14 - 2016-02-12 11:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-12 12:14 - 2016-02-12 11:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-12 12:14 - 2016-02-12 11:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-12 12:14 - 2016-02-12 11:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-12 12:14 - 2016-02-12 11:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-12 12:14 - 2016-02-12 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-12 12:14 - 2016-02-12 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-12 12:14 - 2016-02-05 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-12 12:14 - 2016-02-05 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-12 12:14 - 2016-02-05 11:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-12 12:14 - 2016-02-05 11:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-12 12:14 - 2016-02-05 10:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-12 12:14 - 2016-02-05 10:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-12 12:14 - 2016-02-04 18:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-12 12:14 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-12 12:14 - 2016-02-04 10:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-12 12:14 - 2016-02-03 11:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-12 12:14 - 2016-02-03 11:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-12 12:14 - 2016-02-03 11:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-12 12:14 - 2016-01-11 12:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-12 12:14 - 2015-11-19 07:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-12 12:14 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-12 12:13 - 2016-02-08 23:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 23:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-12 12:13 - 2016-02-08 14:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 13:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-12 12:13 - 2016-02-08 13:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-12 12:13 - 2016-02-08 13:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-12 12:13 - 2016-02-08 13:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 13:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 13:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-12 12:13 - 2016-02-08 13:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-12 12:13 - 2016-02-08 13:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 13:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 13:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 13:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 13:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-12 12:13 - 2016-02-08 13:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-12 12:13 - 2016-02-08 13:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 13:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-12 12:13 - 2016-02-08 13:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-12 12:13 - 2016-02-08 13:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-12 12:13 - 2016-02-08 13:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-12 12:13 - 2016-02-08 13:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 13:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 13:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 12:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-12 12:13 - 2016-02-08 12:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-12 12:13 - 2016-02-08 12:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-12 12:13 - 2016-02-08 11:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-12 12:13 - 2016-02-08 11:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-12 12:13 - 2016-02-08 11:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-12 12:13 - 2016-02-08 11:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-12 12:13 - 2016-02-08 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-12 12:13 - 2016-02-08 11:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-12 12:13 - 2016-02-08 11:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-12 12:13 - 2016-02-08 11:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-12 12:13 - 2016-02-08 11:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-12 12:13 - 2016-02-08 11:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-12 12:13 - 2016-02-08 11:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-12 12:13 - 2016-02-08 11:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-12 12:13 - 2016-02-08 11:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-12 12:13 - 2016-02-08 11:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-12 12:13 - 2016-02-08 11:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-12 12:13 - 2016-02-08 10:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-12 12:13 - 2016-02-08 10:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-12 12:13 - 2016-02-08 10:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-12 12:13 - 2016-02-08 10:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-12 12:13 - 2016-02-08 10:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-12 12:13 - 2016-02-08 10:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-12 12:13 - 2016-02-08 10:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-12 12:13 - 2016-02-08 10:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-12 12:13 - 2016-02-08 10:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-12 12:13 - 2016-02-08 10:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-12 12:13 - 2016-02-08 10:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-12 12:13 - 2016-02-08 10:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-12 12:13 - 2016-02-08 10:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-12 12:13 - 2016-02-08 09:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-12 12:12 - 2016-02-11 11:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-12 12:12 - 2016-02-11 11:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-12 12:12 - 2016-02-11 11:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-12 12:12 - 2016-02-11 11:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-12 12:12 - 2016-02-11 11:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-12 12:12 - 2016-02-11 11:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-12 12:12 - 2016-02-11 11:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-12 12:12 - 2016-02-11 11:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-12 12:12 - 2016-02-11 11:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-12 12:12 - 2016-02-11 11:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-12 12:12 - 2016-02-11 11:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-12 12:12 - 2016-02-11 10:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-12 12:12 - 2016-02-11 10:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-12 12:12 - 2016-02-11 10:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-12 12:12 - 2016-02-11 10:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-12 12:12 - 2016-02-11 10:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-12 12:12 - 2016-02-11 10:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-12 12:12 - 2016-02-11 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-12 12:12 - 2016-02-11 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-12 12:12 - 2016-02-11 10:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-12 12:12 - 2016-02-11 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-12 12:11 - 2016-02-09 02:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-12 12:11 - 2016-02-09 02:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-12 12:10 - 2016-02-19 12:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-12 12:10 - 2016-02-19 11:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-12 12:10 - 2016-02-19 07:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-12 12:10 - 2016-02-11 07:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-12 12:10 - 2016-02-09 02:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-12 12:10 - 2016-02-09 02:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-12 12:10 - 2016-02-09 02:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-12 12:10 - 2016-02-09 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-12 12:10 - 2016-02-05 07:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-12 10:59 - 2016-03-12 10:59 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\ProgramData\Apple Computer
2016-03-12 10:58 - 2016-03-12 10:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-04 09:58 - 2016-03-19 13:43 - 00003366 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-02-29 12:48 - 2016-02-29 12:49 - 00000000 ____D C:\9a392ad229231899ea2b1a
2016-02-29 11:43 - 2016-03-12 09:03 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBrenda
2016-02-29 11:43 - 2016-03-12 09:03 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForBrenda.job
2016-02-26 13:02 - 2016-03-04 10:18 - 00000000 ____D C:\Users\Brenda\Documents\Resumes
2016-02-26 11:41 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-26 11:41 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-26 11:35 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-26 11:34 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-26 11:34 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-26 11:30 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-26 11:30 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-26 11:24 - 2016-01-21 23:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-26 11:24 - 2016-01-21 22:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-26 11:23 - 2016-01-21 23:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 23:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-26 11:23 - 2016-01-21 23:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-26 11:23 - 2016-01-21 23:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-26 11:23 - 2016-01-21 22:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-26 11:23 - 2016-01-21 22:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-20 10:56 - 2012-06-03 16:46 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job
2016-03-20 10:54 - 2012-08-24 12:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-20 10:54 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-20 10:52 - 2012-08-24 12:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 10:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-20 10:35 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-20 10:20 - 2012-04-01 17:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-19 20:38 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-19 20:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-19 20:30 - 2012-08-24 12:59 - 00000000 ____D C:\Program Files\Google
2016-03-19 20:30 - 2012-08-24 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-19 20:25 - 2012-05-31 13:56 - 00000000 ___SD C:\Users\Brenda\AppData\LocalLow\Temp
2016-03-19 20:12 - 2014-11-29 11:54 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieBrowserModeList
2016-03-19 20:12 - 2014-11-27 15:04 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieBrowserModeList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieUserList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieUserList
2016-03-19 20:12 - 2014-04-16 07:09 - 00000000 __SHD C:\Users\Brenda\AppData\Local\EmieSiteList
2016-03-19 20:12 - 2014-04-14 09:08 - 00000000 __SHD C:\Users\Brenda\AppData\LocalLow\EmieSiteList
2016-03-19 20:12 - 2012-08-24 12:58 - 00000000 ____D C:\Users\Brenda\AppData\Local\Google
2016-03-19 16:46 - 2012-06-03 16:46 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job
2016-03-19 13:43 - 2015-08-26 08:42 - 00003234 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001
2016-03-19 12:09 - 2012-03-03 12:23 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F37CBA61-F619-4F41-A793-54729BB1184D}
2016-03-14 23:15 - 2012-05-17 19:46 - 00573952 ___SH C:\Users\Brenda\Documents\Thumbs.db
2016-03-14 17:58 - 2014-05-23 12:19 - 02878976 ___SH C:\Users\Brenda\Downloads\Thumbs.db
2016-03-13 19:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-03-13 13:15 - 2009-07-13 21:45 - 00413160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-13 13:12 - 2014-12-11 06:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-13 09:55 - 2012-04-01 17:44 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 09:55 - 2012-04-01 17:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-13 09:54 - 2011-08-08 21:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-13 09:51 - 2013-07-17 05:54 - 00000000 ____D C:\Windows\system32\MRT
2016-03-13 09:31 - 2012-03-10 22:01 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-13 01:21 - 2016-02-13 07:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-12 20:43 - 2007-01-01 18:25 - 00000000 ____D C:\Windows\Panther
2016-03-12 12:49 - 2011-08-08 21:45 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-03-12 12:46 - 2011-08-08 21:34 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-03-12 10:59 - 2015-03-18 10:11 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 09:05 - 2012-03-03 12:51 - 00775124 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-12 09:03 - 2012-10-31 05:13 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job
2016-03-12 09:02 - 2012-10-31 05:13 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBRENDA-HP$
2016-03-03 16:17 - 2012-03-09 07:04 - 00000000 ____D C:\Users\Brenda\AppData\Roaming\Epson
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-29 12:49 - 2015-04-05 07:54 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-29 12:49 - 2014-05-07 07:06 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-29 12:43 - 2011-08-08 21:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-02-29 12:43 - 2011-08-08 21:18 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-29 12:41 - 2011-08-08 21:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-29 11:52 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup
2016-02-29 11:27 - 2015-01-08 17:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-29 11:27 - 2015-01-08 17:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-29 11:27 - 2012-03-03 12:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-26 11:48 - 2009-07-13 19:34 - 00000580 _____ C:\Windows\win.ini
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-26 11:12 - 2012-05-13 05:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-11-04 16:53 - 2014-12-05 12:33 - 0000111 _____ () C:\Users\Brenda\AppData\Roaming\sdole32.ini
2016-03-12 12:27 - 2016-03-12 12:27 - 0000000 ____H () C:\Users\Brenda\AppData\Local\BIT18EC.tmp
2015-01-19 22:39 - 2015-01-19 22:39 - 0000001 _____ () C:\Users\Brenda\AppData\Local\DSI.DAT
2015-05-24 00:23 - 2015-05-24 00:23 - 0000000 _____ () C:\Users\Brenda\AppData\Local\Temp.dat
2016-03-12 12:21 - 2016-03-12 12:21 - 0000000 _____ () C:\Users\Brenda\AppData\Local\{D102A48E-B9B3-4424-9FBC-940E6D027909}
 
Some files in TEMP:
====================
C:\Users\Brenda\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 04:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Brenda (2016-03-20 11:00:38)
Running from C:\Users\Brenda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-03 19:13:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2178881584-2744589791-4175445109-500 - Administrator - Disabled)
Brenda (S-1-5-21-2178881584-2744589791-4175445109-1001 - Administrator - Enabled) => C:\Users\Brenda
Guest (S-1-5-21-2178881584-2744589791-4175445109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2178881584-2744589791-4175445109-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-300 Series Printer Uninstall (HKLM\...\EPSON XP-300 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
IGG Web3D Player version 1.0.0.38 (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Pascal Handset USB Driver (HKLM\...\{9B00E99F-83A4-40d4-B987-7EB04F722BB7}) (Version:  - ZTE Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZTE Z768G Handset USB Driver (HKLM\...\{E43FCF0E-75BE-4430-A7F4-C55EE5AA1A70}_is1) (Version: 3.0.0.01 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1114ADD5-F5C6-4C9B-9C72-CB4482A9146E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {19836291-3B1C-464C-A521-62213FAD157B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {1B1D62D6-941C-4B04-B86D-F26342554F22} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-10-17] (RealNetworks, Inc.)
Task: {1C726821-5CDA-4DF8-8D28-34BD22659AF4} - System32\Tasks\{D14D5478-E947-48EE-92E8-1E8A60AA0F82} => pcalua.exe -a "C:\Users\Brenda\Downloads\GamersUnite_SnagBar (1).exe" -d C:\Users\Brenda\Desktop
Task: {1FD989F3-1661-48E6-92E0-692ABFD48B15} - System32\Tasks\{4C2BA0D3-9A1D-4EDC-AB47-9A0C88E462F8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {506E90ED-8A74-4C4D-B7A4-2A7B9D26F8C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-10-25] (RealNetworks, Inc.)
Task: {534CBF3F-AEA8-451B-82AE-811914863696} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {5830A420-EDDD-4B58-895F-8712B5B48B50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {6C842032-DECC-4507-B1F9-7AF77B1C0F3A} - System32\Tasks\{729041D1-F38F-4BBE-8EE0-2C33F42A849B} => pcalua.exe -a C:\Users\Brenda\Downloads\GamersUnite_SnagBar.exe -d C:\Users\Brenda\Desktop
Task: {6DCAFF31-E40D-4FFE-9B77-E1896D3641FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-13] (Adobe Systems Incorporated)
Task: {7F6047E7-D8B6-4A8A-A5B5-38F61B99BE1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {892F8B90-D47A-473F-B77E-B2D6AF4F6AB2} - System32\Tasks\{BB912A04-B1D5-46E6-85ED-79A8C200EFB5} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {91EFD7A1-9704-4B2E-A0A2-34B2C123590B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-11-13] (Hewlett-Packard)
Task: {9D4502CE-5122-46DA-A45A-E8F7602200C6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {A1D24166-EAF4-4DE6-BBFE-7E356DA2C5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {A3CBFE28-6585-4258-B9E6-A87C606322E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {AB38C168-2F96-4534-823D-6CBA521E6868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company)
Task: {B4593B6A-C53F-41C8-BB9B-9B5E231893DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-24] (Google Inc.)
Task: {B621043B-719B-4537-8F94-F43E5B963A4E} - System32\Tasks\HPCeeScheduleForBrenda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BC4C13A5-6C1B-4DB1-9E3A-DD49A667F195} - System32\Tasks\HPCeeScheduleForBRENDA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DBB06268-ACD1-4FD1-839D-5A4C5942E1EA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2178881584-2744589791-4175445109-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-10-17] (RealNetworks, Inc.)
Task: {E9A7B192-4B44-4E96-87A7-3C99735A3EC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001Core.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2178881584-2744589791-4175445109-1001UA.job => C:\Users\Brenda\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBRENDA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBrenda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-07-05 12:27 - 2011-07-05 12:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-17 19:08 - 2013-10-17 19:08 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-25 15:39 - 2013-10-25 15:39 - 00029320 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-07-05 12:27 - 2011-07-05 12:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-13 17:26 - 2013-11-13 17:26 - 00857184 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2013-10-25 15:38 - 2013-10-25 15:38 - 00026760 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-03-19 20:18 - 2016-03-07 19:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-19 20:18 - 2016-03-07 19:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2178881584-2744589791-4175445109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brenda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{92589284-1F64-4BE9-BB82-449013434DF5}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{7059C0E3-C716-4955-8741-4D339D51803D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{53D0F711-5858-49A4-A527-EC688C6F67EE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{7889874D-907F-40BE-B6F7-4FDC0145F70D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}] => (Allow) LPort=2869
FirewallRules: [{06D64F51-1E72-4DB9-93ED-2BBE70544A51}] => (Allow) LPort=1900
FirewallRules: [{2520B914-6504-47E7-A090-757E8740E293}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D2E25034-8BEE-44C8-A27A-C7A47A55A732}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{24CCFC2E-4059-49C9-9184-7590F3CC64D9}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{0815A371-0064-4785-9B8D-93A26FFE78B6}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{85D638D7-8941-450F-80F9-0B866A8119C2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9BEDF61D-5CDD-48EA-A2EB-6973FEFD615B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BF515693-C5F3-4D26-ABDA-B688A383E6E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{5399727D-D447-4EA4-9695-B1A0D78FAD6F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{01ECF1B3-851D-4E6B-BB89-13423B3B4500}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1ED9186D-65B9-4850-B456-E687FCBD4E0F}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AA39AEE1-1D4D-49DC-AEB7-E34B5D036444}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{0614C67E-064E-4296-9D16-6008116441ED}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{50381F9C-1B5C-463A-9ABA-F37B9E7E5301}] => (Allow) LPort=443
FirewallRules: [{9E5DBC6D-5C5C-468D-AD20-10E39F7218F9}] => (Allow) LPort=443
FirewallRules: [{517912DB-DD82-4150-964B-060AF84A1B9F}] => (Allow) LPort=37674
FirewallRules: [{31077B10-0470-4EFE-8C75-BB17C5769A04}] => (Allow) LPort=37674
FirewallRules: [{04B62C9D-9BB7-4E83-8EB8-19531D562AAE}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{D48D959E-1EFA-48F7-97F2-3CA705DB34CF}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0846A008-39EB-468D-A65B-0763D7A831B9}C:\users\brenda\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\brenda\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BB14D91E-8327-4C56-B3F7-804DB03799DB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E36444C9-11FF-4EB9-BBD9-F222909E996A}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{48BCC334-341E-41CE-8E44-43191A34DA9F}] => (Allow) C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe
FirewallRules: [{4F59E603-DF5D-4F31-A686-3B224879788A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{5D16FEEC-87A3-4393-90A3-2DA0AA75D26D}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D6087E1D-F951-4DE7-9914-3D562BA25134}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9D45FFE6-64FE-4943-ABBF-845D3EA5B174}] => (Allow) C:\Program Files (x86)\Gamers Unite! Snag Bar\TroubleShooter.exe
FirewallRules: [{9948AD5B-1C51-4F04-9E07-7CE010ECF40D}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{344705B8-5582-410D-90C1-91BC0B835EA3}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{81878CC2-25D7-425C-8D23-56965B6390AF}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{5DD9B5A3-3425-472D-A98B-50A1A71166A7}] => (Allow) C:\Users\Brenda\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{31E0F40C-F2EB-4615-8118-4C36E2CEFD7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{14686EF1-99D2-453C-A7BD-7C2AF9818589}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4F73B4DB-9787-4949-A1BA-C26F0D110587}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{51B7E8A4-C7E6-4244-9214-D5E4713C57CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CE530119-B23C-40D2-9EE6-E660B06064C5}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [UDP Query User{19784EE9-44A7-4DA9-A69B-AEA12FD5E2E8}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe] => (Allow) C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe
FirewallRules: [{1CF8ACC6-AF43-49E4-B1DB-CB695D0A8A7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F450284A-E8EF-4B48-9942-A707C3505103}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84D11AC6-1D96-4F76-8ADF-B47C8EE54B2F}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{8002D51C-E6A6-42A0-B78D-7AF4777D2FD3}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{CBF34E64-8275-489C-9218-38E7A51E1D02}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{18850104-97FC-437B-A146-87D6D6FB0368}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BFB53E5F-4C1F-4552-9A17-884319F6D47C}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.exe
FirewallRules: [{BFB1CA53-8770-4627-AA64-92702A2283CD}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{E034FF50-F500-4F31-831C-6A0FC1699F80}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{B3D652AD-7754-454F-8492-3572FE266A5B}] => (Allow) C:\Users\Brenda\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{860ED4ED-9CE5-47F7-9862-014C6C4D6C24}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AFA78F06-4076-47E4-B53F-F02127CC0C3A}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2D41F9F4-D139-44DA-A0F9-5B0BC7048654}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{E175672D-DC66-49A8-BF16-7EE0D5318C56}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Block) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [TCP Query User{08E815D7-DE40-4F99-9047-82D7063F5201}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FB5F8820-E976-4754-934B-F45D18B5F229}C:\users\brenda\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\brenda\appdata\local\akamai\netsession_win.exe
FirewallRules: [{74C81E8D-556E-4CA8-B3BE-A5CB374E856E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{680874DA-8958-49CD-BADC-4E7748DE518E}] => (Allow) C:\Program Files (x86)\Heroes & Generals\live\hng.exe
FirewallRules: [{E16CAFEE-5C85-4501-89C8-DABEBB4C4E35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EDF802B-BA14-4BE1-8DD4-9B7468322A79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3520EB3-55E8-4CB7-A70E-90128F7490C0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{18C9868B-5A81-45F7-8B9C-D57385172E48}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1386914-28C2-4CDF-9C72-E5D11DAA5403}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{26D539C5-D7A9-4632-8D00-D23392857DBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{11C87F29-0F24-4E7A-B783-65CB09B7037F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4AB7D9E5-A9CC-458A-9E86-C17B3C9027AB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{747398F9-47A2-41BB-9651-8DE0F5539018}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{52122C4E-0A2F-4582-A1E5-710523ED2497}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [UDP Query User{F592189D-03E5-4DE3-AA92-212E4FB3C5E6}C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe] => (Allow) C:\users\brenda\desktop\space engineers\dedicatedserver64\spaceengineersdedicated.exe
FirewallRules: [{9A20CEA6-3F70-4D8E-9E72-FF206B4A98D3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{B48E372E-4462-41E1-9A1D-36D6EFAC7C89}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{8589E86F-EB1C-4CFA-AFD1-EBD5DBF3CC20}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{DAF734F9-F4DE-4F28-A488-5CDEA8C777AB}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [UDP Query User{81C805D7-60AE-4CA7-B453-3CD76422C0B5}C:\games\magicite\magicite.exe] => (Allow) C:\games\magicite\magicite.exe
FirewallRules: [TCP Query User{4EFEF6F3-6F4C-4384-9446-CB4AFC7D944B}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [UDP Query User{5853209D-962E-4B9B-8BC5-FEE6798477DE}C:\users\brenda\desktop\vagante.v17c\vagante.exe] => (Allow) C:\users\brenda\desktop\vagante.v17c\vagante.exe
FirewallRules: [{DEF491B4-0C10-40F0-A695-3CD1957858D4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{687A6F72-689D-47A6-BB00-D1D54BC37B2C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-03-2016 09:25:04 Windows Update
17-03-2016 08:25:43 Windows Update
19-03-2016 20:13:44 Removed Google Drive
19-03-2016 20:24:17 Restore Point Created by FRST
20-03-2016 10:38:53 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/20/2016 10:55:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 08:31:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 04:49:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 04:46:31 PM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/19/2016 01:42:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 12:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/19/2016 11:58:17 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/18/2016 08:31:25 AM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/17/2016 09:20:24 PM) (Source: Google Update) (EventID: 20) (User: Brenda-HP)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (03/17/2016 12:41:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/20/2016 10:51:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/20/2016 10:51:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/20/2016 10:51:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/20/2016 10:51:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/20/2016 10:51:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/20/2016 10:51:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/20/2016 10:51:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/20/2016 10:51:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/20/2016 10:51:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/20/2016 10:51:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RoxioNow Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 3690.91 MB
Available physical RAM: 2035.84 MB
Total Virtual: 7380.02 MB
Available Virtual: 5473.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.98 GB) (Free:368.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:14.61 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 27DA6E45)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#13
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi Robbie Babikoff,
 
You have done well so far, a little bit more to go. :thumbsup:

Remove missing Chrome Plugin
  • Open Chrome
  • Copy and paste the following in the address bar and press Enter:

    chrome://plugins
  • You will get a page with all the plugins listed.
  • Press "Disable" on the following Plugins.

    Widevine Content Decryption Module

  • Then press "Enable".
  • Close Chrome.
JHlUMFt.png Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

In your next reply, please include the following:
  • MalwareBytes log
  • ESET log
  • How is your system running now?

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP