Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

YSPackage

Started by Icey1950 , Jul 18 2016 03:34 AM

How to safely remove it

This topic is locked

#1
Icey1950

Posted 18 July 2016 - 03:34 AM

Member

Member
49 posts

It's been a while but, guess it was my turn for another go round with malware, during a trip through some You Tubes I seem to have gotten this YSPackage, all these ads and little programs and stuff suddenly appeared and though I was able to find and uninstall them I rebooted and was not able to get to my desktop, I rebooted again and went into safe mode and ran malwarebytes but still not able to get to my desktop...Please help I ran the FRST scan and have attached the results.

Thank you,

Icey

#2
zep516

Posted 18 July 2016 - 09:19 PM

Trusted Helper

Malware Removal
8,093 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Please copy an paste the logs to the forum (FRST.TXT) and (Additions.txt). Please do not attach logs.

#3
Icey1950

Posted 19 July 2016 - 09:47 AM

Member

Topic Starter
Member
49 posts

Hi Zep516,

Thanks for your quick reply ....had a time getting to the site this morning sure hope all this helps whatever it takes I can do it thanks for your help......

Icey

here is the FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 03
Ran by Audio User (administrator) on AUDIOUSER-PC (18-07-2016 05:02:50)
Running from C:\Users\Audio User\Downloads
Loaded Profiles: Audio User (Available Profiles: Audio User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(URSoft,Inc) C:\Program Files (x86)\Your Uninstaller 2010\urmain.exe
(URSoft,Inc) C:\Program Files (x86)\Your Uninstaller 2010\urmain.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\Spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [cpuminer] => C:\Users\Audio User\AppData\Roaming\cpuminer\cpm.exe
HKLM\...\Run: [WINCOMMVV] => "C:\Program Files (x86)\browseextension\wincom_MVV.exe"
HKLM\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKLM-x32\...\Run: [tvncontrol] => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\...\RunOnce: [OTUTPRODUCT_CWVQN] => "C:\Program Files (x86)\mpck\otutnetwork.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [HughesNetStatusMeter] => C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe [233472 2015-01-28] ()
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ADVENT~1.SCR
AppInit_DLLs: C:\ProgramData\Zonekix\PlusTough.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Zonekix\Stimis.dll => No File
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => No File
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GeekBuddy.lnk [2016-07-17]
ShortcutTarget: GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D9A51A99-C084-470B-BBD0-F93A951A34FB}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pogo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000 -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Tanfuurpeubota -> {764447F3-A06A-4432-8788-F04BC76DECE3} -> C:\Program Files\Tanfuurpeubota\Keeio64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {D3EE7876-057D-431E-8848-3D1A3EDC4F59} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Tanfuurpeubota -> {764447F3-A06A-4432-8788-F04BC76DECE3} -> C:\Program Files\Tanfuurpeubota\Keeio.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: No Name -> {D3EE7876-057D-431E-8848-3D1A3EDC4F59} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
IE Session Restore: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000 -> is enabled.
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\zcrq7s95.default-1451861384619
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: JavaScript on-off applet - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\zcrq7s95.default-1451861384619\extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2016-04-06]
FF Extension: Video WithOut Flash - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\zcrq7s95.default-1451861384619\Extensions\[email protected] [2016-01-25]
FF Extension: Speed Dial - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\zcrq7s95.default-1451861384619\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-01-03]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-17]
CHR Extension: (Google Docs) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-17]
CHR Extension: (Google Drive) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-17]
CHR Extension: (ColorZilla) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-17]
CHR Extension: (Kindle Cloud Launcher) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabgeinondjemaplkkcifnplhcbeeiob [2015-01-07]
CHR Extension: (Google Sheets) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-17]
CHR Extension: (Google Docs Offline) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-17]
CHR Extension: (AdBlock) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-07-17]
CHR Extension: (Ghostify Hide Geo FREE) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp [2016-07-17]
CHR Extension: (Bazz Search) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-07-17]
CHR Extension: (Gmail) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-17]
CHR Extension: (Typing Tutor) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppodolbmofkadjlohmiofjladlpfked [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://Google.com/h?eq=U0EeCFZVBB8SRggbdQhcUgtJRxgUcQAITA0SQwAOeQ8MUhQQGAcbdA0BBAxFGA0FIk0FA1oDB0VXfV5bFElXTwhuL0tdM1wCVFlXM3FNAw=="
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 iWinTrusted; C:\Program Files (x86)\Pogo Games\iWinTrusted.exe [216920 2015-10-02] (iWin Inc.)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [399096 2016-03-14] (JRiver, Inc.)
S2 MF NTFS Monitor; C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456176 2015-04-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 nlsInterface; C:\Windows\system32\nlsInterface.exe [72192 2009-04-03] (Nalpeiron Ltd.) [File not signed]
S2 ProntSpooler; C:\Users\Audio User\AppData\Local\Apps\2.0\abril.exe [134656 2016-05-19] () [File not signed]
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 backlh; C:\ProgramData\Logic Handler\set.exe [X]
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S2 E945B08D-A156-4A92-941E-F97888CD7E6E; "C:\Program Files\Tanfuurpeubota\Ekitgu.exe" [X]
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
S4 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]
S2 Komjokj; "C:\Users\Audio User\AppData\Roaming\HoyiPaawur\Kaotwodx.exe" -cms [X]
S2 Kouns; "C:\Users\Audio User\AppData\Roaming\SivmuUphem\Wephhik.exe" -cms [X]
S2 Lhpalauf; "C:\Users\Audio User\AppData\Roaming\Kiwlikdou\Kiwlikdou.exe" -cms [X]
S2 OutfoxTvService; no ImagePath
S2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X]
S2 Tanfuurpeubota Updater; C:\Program Files\Tanfuurpeubota\Jooukvo.exe [X]
S2 Uuoha; "C:\Users\Audio User\AppData\Roaming\Fupbyorc\Fupbyorc.exe" -cms [X]
S2 Zonekix; C:\ProgramData\\Zonekix\\Zonekix.exe shuz -f "C:\ProgramData\\Zonekix\\Zonekix.dat" -l -a

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 bsdpf64; C:\Windows\system32\Drivers\bsdpf64.sys [27456 2016-07-17] ()
R1 bsdpr64; C:\Windows\system32\Drivers\bsdpr64.sys [26944 2016-07-17] ()
S1 dc23c7a24c6f29a668d251d65fd47b3f; C:\Windows\System32\DRIVERS\dc23c7a24c6f29a668d251d65fd47b3f.sys [79952 2016-07-11] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [231944 2009-07-29] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
S2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-04-23] (Windows ® Win 7 DDK provider)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 NVHDA; no ImagePath
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [X]
U4 WSearch; no ImagePath

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelerometer.sys 5C368F4B04ED2A923E6AFCA2D37BAFF5
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 6474F8823C7188D2DA579F01FB6CED6B
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 43AD3D3E7674833FCA9A7C4E7180AD54
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\Drivers\bsdpf64.sys 5D7A678D1299468275E6DA3494393D05
C:\Windows\system32\Drivers\bsdpr64.sys E884EF9AF615BB86F0FF3FC7C715C723
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc23c7a24c6f29a668d251d65fd47b3f.sys 54CAFD2283ECFE45897F1EC7FE7B4C3D
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\enecir.sys 524C79054636D2E5751169005006460B
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hpdskflt.sys 4E0BEC0F78096FFD6D3314B497FC49D3
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys BE7D72FCF442C26975942007E0831241
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\jmcr.sys 08ED99A8271CF0B808C595D88ECEE779
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 3974E5264A0481600370C5BEED061DDF
C:\Windows\System32\Drivers\ksecpkg.sys 6E85615A86FE86E76DAE49BF9F227483
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AE2500w764.sys 584528BF596A54B2BF6BE5067ADDA44A
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mafw.sys 3404ABC72D1075B171231D4169207312
C:\Windows\system32\drivers\mbam.sys 78BFF5425E044086E74E78650A359FBB
C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\Windows\system32\drivers\mwac.sys 452ACB7A9914398D9E18CCCFFCF92208
C:\Windows\system32\MDA_NTDRV.sys CF17A39BA7D1D1E386FD0C1303642B91
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mfmonitor_x64.sys 0574AF96D86AD36CAEDFAA94D256C1F3
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\System32\DRIVERS\MpFilter.sys DA0FAEE45D6F03D7647851A20977A7D0
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 10112D850C844606419C79EE24EE6016
C:\Windows\System32\DRIVERS\mrxsmb10.sys DCC4343B422A13B42C7678998449CE8A
C:\Windows\System32\DRIVERS\mrxsmb20.sys 46C4F5BEE8D98BB1688752EAD0ABB7C0
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 6D79C8CB73187FBEAAD1F680FADF98D3
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys AB443152695F1B606EFD3E3728D5F362
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\pwdrvio.sys C32ECB99AD25E9A04F01C8665DF29EF8
C:\Windows\system32\pwdspio.sys D619356B955EEFA642F5FF72755E8B3C
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys FE61B0B4AA58C3BD3DFA6279131F7F53
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys F2F4B895296EE3ECCE781CC2A296A5D1
C:\Windows\System32\DRIVERS\srv2.sys FD0008BEDD2723170CCA7D61837DFD52
C:\Windows\System32\DRIVERS\srvnet.sys 63B5845D9379262083655D5C6AB8DFC5
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys DFFBC024DFC7BB05B2129E05CBC7A201
C:\Windows\System32\DRIVERS\SWDUMon.sys F4769CA7C8D24629DBBE6C45A0686F52
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AC3CC98B1BDB6540021D3FFB105AC2B9
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-18 05:02 - 2016-07-18 05:03 - 00037715 _____ C:\Users\Audio User\Downloads\FRST.txt
2016-07-18 05:02 - 2016-07-18 05:02 - 00000000 ____D C:\FRST
2016-07-18 04:59 - 2016-07-18 04:59 - 02391040 _____ (Farbar) C:\Users\Audio User\Downloads\FRST64.exe
2016-07-18 04:02 - 2016-07-18 04:02 - 00149544 _____ C:\Users\Audio User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-18 03:49 - 2016-07-18 03:49 - 00008192 ___SH C:\Users\Audio User\AppData\Roaming\Thumbs.db
2016-07-17 11:31 - 2016-07-18 03:35 - 00533840 _____ C:\Windows\ntbtlog.txt
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\sypd
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\jise
2016-07-17 11:16 - 2016-07-17 11:16 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-17 11:02 - 2016-07-17 11:02 - 01164273 _____ C:\Windows\SysWOW64\vns4868.tmp
2016-07-17 09:29 - 2016-07-17 12:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-17 08:56 - 2016-07-17 08:56 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-07-17 08:54 - 2016-07-17 08:54 - 00000000 ____D C:\Users\Audio User\AppData\Local\Downloaded Installations
2016-07-17 08:49 - 2016-07-17 08:49 - 00000000 ____D C:\Users\Audio User\AppData\Local\QuickCleaner
2016-07-17 08:48 - 2016-07-17 08:49 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\QuickCleaner
2016-07-17 08:44 - 2016-07-17 12:42 - 00000000 ____D C:\ProgramData\b70986d7-6261-1
2016-07-17 08:44 - 2016-07-17 12:42 - 00000000 ____D C:\ProgramData\b70986d7-10e5-0
2016-07-17 08:44 - 2016-07-17 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-17 08:13 - 2016-07-17 11:19 - 00001170 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-17 08:13 - 2016-07-17 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-17 08:12 - 2016-07-17 08:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-17 08:12 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-17 08:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-17 08:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-17 07:49 - 2016-07-17 07:50 - 00002090 _____ C:\Users\Audio\Local State
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio\Default
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio
2016-07-17 07:42 - 2016-07-17 07:49 - 00000000 ____D C:\Users\Audio\ShaderCache
2016-07-17 07:38 - 2016-07-17 11:23 - 00000000 ____D C:\Users\Audio User\AppData\LocalLow\Company
2016-07-17 07:38 - 2016-07-17 08:35 - 00000000 ____D C:\Users\Audio User\AppData\Local\Tempfolder
2016-07-17 07:38 - 2016-07-17 07:38 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
2016-07-17 07:38 - 2016-07-17 07:38 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
2016-07-17 07:36 - 2016-07-17 07:36 - 00512000 _____ C:\ProgramData\smp2.exe
2016-07-17 07:35 - 2016-07-17 07:35 - 00000000 ____H C:\Windows\system32\BIT3B9.tmp
2016-07-17 07:18 - 2016-07-17 07:18 - 00000000 ____D C:\Users\Audio User\AppData\Local\Shortcut Installer
2016-07-17 07:16 - 2016-07-17 07:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea
2016-07-17 07:15 - 2016-07-17 07:16 - 00000000 ____D C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d
2016-07-16 11:46 - 2016-07-16 11:46 - 00000000 ____D C:\Camouflage
2016-07-14 01:27 - 2016-07-14 01:27 - 20466368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 02:24 - 2016-07-13 02:58 - 00000746 _____ C:\LoadLogTextFormat.txt
2016-07-13 02:22 - 2016-07-13 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlphaPlugins
2016-07-13 02:22 - 2004-10-03 17:41 - 00167936 _____ (Panopticum,LLC. Maxim Chernousov, [email protected], [email protected].) C:\Windows\SysWOW64\Engine3D.dll
2016-07-12 05:44 - 2016-07-12 05:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-12 02:34 - 2016-07-12 02:37 - 00000140 _____ C:\Windows\Reimage.ini
2016-07-11 16:48 - 2016-07-11 16:48 - 00102559 _____ C:\Windows\4f8c888a28369b10018fca3f3d082720.exe
2016-07-11 16:48 - 2016-07-11 16:48 - 00079952 _____ C:\Windows\system32\Drivers\dc23c7a24c6f29a668d251d65fd47b3f.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-09 21:41 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-09 21:41 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-09 21:41 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-09 21:41 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-09 21:41 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-09 21:41 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-09 21:38 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-09 21:38 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-09 21:38 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-09 21:38 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-09 21:38 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-09 21:38 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-09 21:38 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-09 21:37 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-09 21:37 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-09 21:37 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-09 21:37 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-09 21:37 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-09 21:37 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-09 21:37 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-09 21:37 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-09 21:37 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-09 21:37 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-09 21:37 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-09 21:37 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-09 21:37 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-09 21:37 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-09 21:37 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-09 21:37 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-09 21:37 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-09 21:35 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-09 21:35 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-09 21:35 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-09 21:35 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-09 21:34 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-09 21:34 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-09 21:34 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-09 21:34 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-09 21:34 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-09 21:34 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-07-09 21:34 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-07-09 21:33 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-09 21:33 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-09 21:33 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-09 21:33 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-09 21:33 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-09 21:33 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-09 21:33 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-09 21:33 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-09 21:33 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-07-09 21:33 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-07-09 21:33 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-07-09 21:33 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-07-09 21:33 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-07-09 21:33 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-07-09 21:33 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-07-09 21:33 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-07-09 21:33 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-07-09 21:32 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-09 21:32 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-09 21:32 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-09 21:32 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-09 21:32 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-09 21:32 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-09 21:32 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-09 21:32 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-09 21:31 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-09 21:31 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-09 21:31 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-07-09 21:31 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-07-09 21:31 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-09 21:28 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-09 21:28 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-09 21:28 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-09 21:28 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-09 21:28 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-09 21:28 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-09 21:28 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-09 21:28 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-09 21:28 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:27 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-09 21:27 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-09 02:51 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-09 02:27 - 2016-06-29 18:55 - 00000853 _____ C:\Windows\system32\Drivers\etc\hosts.20160709-022745.backup
2016-07-09 02:12 - 2016-07-09 02:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-07-09 02:11 - 2016-07-17 11:19 - 00001431 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2016-07-09 02:11 - 00001443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-09 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-07-08 21:54 - 2016-07-08 21:55 - 00000000 ____D C:\Splat
2016-07-07 23:02 - 2016-07-07 23:02 - 13076440 _____ C:\Users\Audio User\Downloads\IncrediMailSetup.exe
2016-07-05 22:08 - 2016-07-05 22:08 - 00000011 _____ C:\Windows\3DShadow.INI
2016-07-05 21:59 - 2016-07-05 21:59 - 00000000 ____D C:\Program Files (x86)\Lokas
2016-07-05 01:37 - 2016-07-07 20:09 - 00000000 ____D C:\Users\Audio User\AppData\Local\ba75
2016-07-05 01:37 - 2016-07-05 01:37 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\e609
2016-06-30 21:26 - 2016-06-30 21:27 - 00000000 ____D C:\Users\Audio User\Documents\Incredimail
2016-06-29 21:17 - 2016-07-17 11:20 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
2016-06-29 19:01 - 2016-06-30 22:12 - 00000000 ____D C:\Users\Audio User\Documents\CCleaner backups
2016-06-29 18:26 - 2016-06-29 18:26 - 00000000 ____D C:\Program Files\Reason
2016-06-28 20:01 - 2016-06-28 20:01 - 06569088 _____ (Tim Kosse) C:\Users\Audio User\Downloads\FileZilla_3.19.0_win64-setup.exe
2016-06-20 02:15 - 2016-06-29 20:26 - 00000000 __HDC C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
2016-06-20 02:15 - 2016-06-29 20:26 - 00000000 __HDC C:\ProgramData\{63B3AF69-722B-4FA9-965F-94DEB1E78796}
2016-06-20 02:15 - 2016-06-29 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2016-06-20 02:14 - 2016-06-20 02:14 - 00000000 ____D C:\Users\Audio User\AppData\Local\PackageAware
2016-06-20 02:13 - 2016-06-29 20:26 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2016-06-17 07:12 - 2016-06-17 07:13 - 00000000 ____D C:\Users\Audio User\Documents\DATA BASES GROUPS
2016-06-10 01:19 - 2016-06-29 20:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 00:03 - 2016-06-30 22:21 - 00000000 ____D C:\Users\Audio User\Desktop\PLETHORA LESSONS
2016-06-05 23:59 - 2016-06-06 00:00 - 00000000 ____D C:\Users\Audio User\Documents\Crochet
2016-05-18 15:36 - 2016-05-18 15:36 - 00005632 _____ C:\Users\Audio User\AppData\Local\ddnow4.exe
2016-05-18 15:35 - 2016-05-18 15:35 - 00005120 _____ C:\Users\Audio User\AppData\Local\ddnow.exe
2016-05-12 15:45 - 2016-05-12 15:45 - 00007680 _____ C:\Users\Audio User\AppData\Local\tinstall4.exe
2016-05-04 01:53 - 2016-05-04 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-25 01:51 - 2016-04-25 01:59 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Filter Forge 5

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-18 04:48 - 2014-01-27 15:18 - 00000000 ____D C:\Users\Audio User\Documents\ADDRESSES
2016-07-18 04:29 - 2014-01-10 00:39 - 00000000 ____D C:\ProgramData\TEMP
2016-07-18 04:19 - 2013-11-12 02:19 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-07-18 04:14 - 2013-09-20 16:50 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-07-17 12:39 - 2016-02-11 09:09 - 00000000 ____D C:\ProgramData\Kodak
2016-07-17 12:38 - 2016-03-28 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-17 12:38 - 2016-01-02 21:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-17 12:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-17 12:37 - 2014-07-09 22:33 - 00000000 ____D C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2016-07-17 12:05 - 2013-09-26 22:31 - 00000000 ____D C:\Program Files (x86)\J River
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool VL Viewer
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Program Files (x86)\CoolVLViewer-1.26.10
2016-07-17 11:28 - 2013-09-19 04:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\DNSAPI.dll
2016-07-17 11:28 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 11:28 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-17 11:24 - 2016-03-24 15:28 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForAudio User.job
2016-07-17 11:24 - 2016-01-02 21:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-17 11:23 - 2013-09-19 04:18 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-07-17 11:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-17 11:20 - 2016-04-06 22:12 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 4.lnk
2016-07-17 11:20 - 2016-02-02 04:29 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
2016-07-17 11:20 - 2016-01-02 21:06 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-17 11:20 - 2015-12-17 08:25 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 5.lnk
2016-07-17 11:20 - 2015-12-04 05:52 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-17 11:20 - 2015-10-31 03:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-17 11:20 - 2015-09-16 16:25 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
2016-07-17 11:20 - 2015-06-12 09:58 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Nature Manual.lnk
2016-07-17 11:20 - 2014-02-12 04:25 - 00002665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipsePalette.lnk
2016-07-17 11:20 - 2014-02-01 07:47 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2016-07-17 11:20 - 2014-01-30 17:58 - 00001488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-07-17 11:20 - 2014-01-30 17:55 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-07-17 11:20 - 2014-01-30 17:54 - 00001306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-07-17 11:20 - 2014-01-30 17:52 - 00001563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-07-17 11:20 - 2014-01-30 17:52 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-07-17 11:20 - 2014-01-28 11:41 - 00000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Impact Manual.lnk
2016-07-17 11:20 - 2014-01-25 21:18 - 00000892 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5.0 Textures Manual.lnk
2016-07-17 11:20 - 2014-01-17 11:26 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerArchiver.lnk
2016-07-17 11:20 - 2013-09-19 05:49 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-17 11:20 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-17 11:20 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-17 11:19 - 2016-03-11 06:55 - 00002378 _____ C:\Users\Public\Desktop\Play Living Legends - Bound by Wishes Collectors Edition.lnk
2016-07-17 11:19 - 2016-03-05 05:17 - 00002376 _____ C:\Users\Public\Desktop\Play Myths of the World - Spirit Wolf Collectors Edition.lnk
2016-07-17 11:19 - 2016-01-24 06:26 - 00001465 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-17 11:19 - 2016-01-20 05:58 - 00002283 _____ C:\Users\Public\Desktop\Play Haunted Hotel - Phoenix Collectors Edition.lnk
2016-07-17 11:19 - 2014-03-30 16:05 - 00001161 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2016-07-17 11:18 - 2016-02-03 07:10 - 00001118 _____ C:\Users\Audio User\Desktop\AMP Font Viewer.lnk
2016-07-17 11:18 - 2015-12-06 03:29 - 00002101 _____ C:\Users\Audio User\Desktop\DAZ Install Manager.lnk
2016-07-17 11:16 - 2015-06-16 21:31 - 00000000 ____D C:\Users\Audio User\AppData\Local\CrashDumps
2016-07-17 08:52 - 2016-01-03 17:53 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-17 08:52 - 2015-07-14 16:01 - 00002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-17 08:49 - 2013-09-20 01:59 - 00000000 ____D C:\Users\Audio User\AppData\Local\Apps\2.0
2016-07-17 08:32 - 2015-04-22 06:21 - 00000000 ____D C:\Users\Audio User\Downloads\WEB TOOLS
2016-07-17 08:13 - 2015-03-31 16:02 - 00000000 ____D C:\Program Files (x86)\Screen Calipers 4.0
2016-07-17 07:28 - 2013-09-20 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-07-17 05:16 - 2013-10-12 02:22 - 00000000 ____D C:\Users\Audio User\AppData\Local\Corel
2016-07-17 05:15 - 2015-10-17 23:19 - 00000000 ____D C:\Users\Audio User\Documents\My PSP Files
2016-07-17 05:15 - 2013-10-12 02:22 - 00004704 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2016-07-17 05:12 - 2009-07-14 00:45 - 05137440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-16 15:18 - 2016-01-05 18:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-16 14:06 - 2015-04-11 22:19 - 00000000 ____D C:\Users\Audio User\Downloads\Font
2016-07-16 12:06 - 2016-01-29 06:31 - 00000000 ____D C:\Users\Audio User\Downloads\Plugins
2016-07-16 11:02 - 2014-03-17 22:56 - 00000000 ____D C:\Program Files (x86)\Trillian
2016-07-14 01:28 - 2016-01-02 13:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 01:28 - 2016-01-02 13:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 02:22 - 2013-09-20 13:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-13 00:50 - 2009-07-14 01:13 - 00835878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 05:44 - 2014-07-21 17:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-12 05:44 - 2014-07-21 17:06 - 00000000 ____D C:\ProgramData\Skype
2016-07-12 04:50 - 2015-08-25 00:47 - 00000000 ____D C:\Users\Audio User\Downloads\Incredimail
2016-07-12 04:21 - 2015-10-10 18:08 - 00000000 ____D C:\Users\Audio User\AppData\Local\IM
2016-07-12 03:43 - 2013-09-25 22:17 - 00000000 ____D C:\Users\Audio User\AppData\Local\ElevatedDiagnostics
2016-07-11 22:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-11 00:02 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-10 23:55 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-10 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-10 02:50 - 2013-09-19 04:59 - 00000000 ____D C:\Windows\system32\MRT
2016-07-10 02:36 - 2013-09-19 04:59 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-10 02:34 - 2013-09-20 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 02:19 - 2013-10-24 17:21 - 00812600 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-10 02:00 - 2014-03-29 19:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-09 21:02 - 2015-04-18 02:02 - 00000000 ____D C:\Users\Audio User\Downloads\Alien Skin
2016-07-09 02:27 - 2009-07-13 22:34 - 00450732 ____R C:\Windows\system32\Drivers\etc\hp.bak
2016-07-09 01:36 - 2013-09-20 11:37 - 00000000 ____D C:\Windows\pss
2016-07-08 22:02 - 2014-01-25 21:13 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Alien Skin
2016-07-07 20:16 - 2015-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 00:11 - 2015-11-09 02:08 - 00000000 ____D C:\Users\Audio User\Downloads\Coloring Books
2016-07-06 21:13 - 2015-04-22 04:40 - 00000000 ____D C:\Users\Audio User\Downloads\Photoshop
2016-07-06 20:39 - 2010-11-20 23:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 21:59 - 2015-10-11 13:06 - 00044544 ____N C:\Windows\AWuninstall.exe
2016-07-05 21:24 - 2014-01-28 11:41 - 00000000 ____D C:\Alien Skin
2016-07-05 21:24 - 2014-01-25 21:18 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2016-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-07-04 00:34 - 2013-09-19 04:32 - 00001945 _____ C:\Windows\epplauncher.mif
2016-07-04 00:34 - 2013-09-19 04:31 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-07-02 23:50 - 2013-09-19 07:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Adobe
2016-07-02 21:32 - 2013-10-12 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro Photo X2
2016-07-02 16:28 - 2016-01-05 17:04 - 00000000 ____D C:\Users\Audio User\Desktop\JES PLUGIN LESSONS
2016-06-30 21:27 - 2014-01-17 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
2016-06-30 21:27 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-30 21:01 - 2014-01-17 08:02 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2016-06-29 20:26 - 2016-02-12 16:21 - 00000000 ____D C:\Users\Audio User\AppData\Local\Eastman_Kodak_Company
2016-06-29 20:26 - 2014-05-25 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Galaxy
2016-06-29 20:26 - 2014-02-20 14:48 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WD Diagnostics
2016-06-29 20:26 - 2014-02-15 05:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-29 20:26 - 2013-12-23 12:23 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-06-29 20:26 - 2013-09-19 03:04 - 00000000 ____D C:\Users\Audio User
2016-06-28 22:14 - 2014-07-10 22:04 - 00000756 _____ C:\Windows\nvrph.ini
2016-06-28 20:04 - 2014-01-21 19:16 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\FileZilla
2016-06-26 10:04 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-24 15:01 - 2015-09-25 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PluginsGalaxy
2016-06-21 07:01 - 2014-05-01 20:04 - 00373248 _____ C:\Windows\EyeCand3.INI
2016-06-18 03:48 - 2014-07-11 22:20 - 00000747 _____ C:\Windows\nvrbm.ini

==================== Files in the root of some directories =======

2014-08-15 07:01 - 2015-11-09 01:05 - 0000363 _____ () C:\Program Files (x86)\RecentPlaces.lnk
2014-02-12 02:53 - 2015-01-16 14:50 - 0000132 _____ () C:\Users\Audio User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-07-18 03:49 - 2016-07-18 03:49 - 0008192 ___SH () C:\Users\Audio User\AppData\Roaming\Thumbs.db
2015-04-04 00:13 - 2015-10-10 21:19 - 0004608 _____ () C:\Users\Audio User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-18 15:35 - 2016-05-18 15:35 - 0005120 _____ () C:\Users\Audio User\AppData\Local\ddnow.exe
2016-05-18 15:36 - 2016-05-18 15:36 - 0005632 _____ () C:\Users\Audio User\AppData\Local\ddnow4.exe
2016-02-14 10:33 - 2016-03-17 18:10 - 0010374 _____ () C:\Users\Audio User\AppData\Local\installer.log
2016-05-12 15:45 - 2016-05-12 15:45 - 0007680 _____ () C:\Users\Audio User\AppData\Local\tinstall4.exe
2013-11-10 06:39 - 2013-11-10 06:39 - 0000080 _____ () C:\Users\Audio User\AppData\Local\X-Plane Installer.prf
2013-11-10 06:37 - 2013-11-10 06:37 - 0000046 _____ () C:\Users\Audio User\AppData\Local\x-plane_install_10.txt
2016-02-22 20:42 - 2016-02-22 20:42 - 0000000 _____ () C:\Users\Audio User\AppData\Local\{E2817094-16B9-441C-A0CA-D72AEC9E0246}
2013-10-06 05:45 - 2016-02-02 04:41 - 0000512 _____ () C:\ProgramData\HPWALog.txt
2016-07-17 07:36 - 2016-07-17 07:36 - 0512000 _____ () C:\ProgramData\smp2.exe

Files to move or delete:
====================
C:\ProgramData\smp2.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=G:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {5e7c8139-2050-11e3-b06c-b984090c718a}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {5e7c8137-2050-11e3-b06c-b984090c718a}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {5e7c813b-2050-11e3-b06c-b984090c718a}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5e7c8139-2050-11e3-b06c-b984090c718a}
nx                      OptIn
quietboot               No

Windows Boot Loader
-------------------
identifier              {5e7c813b-2050-11e3-b06c-b984090c718a}
device                  ramdisk=[C:]\Recovery\5e7c813b-2050-11e3-b06c-b984090c718a\Winre.wim,{5e7c813c-2050-11e3-b06c-b984090c718a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\5e7c813b-2050-11e3-b06c-b984090c718a\Winre.wim,{5e7c813c-2050-11e3-b06c-b984090c718a}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5e7c8139-2050-11e3-b06c-b984090c718a}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=G:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {5e7c8138-2050-11e3-b06c-b984090c718a}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {5e7c813c-2050-11e3-b06c-b984090c718a}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\5e7c813b-2050-11e3-b06c-b984090c718a\boot.sdi

LastRegBack: 2016-03-07 07:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by Audio User (2016-07-18 05:04:15)
Running from C:\Users\Audio User\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-09-19 07:04:08)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2365759274-3180811660-3926093282-500 - Administrator - Disabled)
Audio User (S-1-5-21-2365759274-3180811660-3926093282-1000 - Administrator - Enabled) => C:\Users\Audio User
Guest (S-1-5-21-2365759274-3180811660-3926093282-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2365759274-3180811660-3926093282-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Shadow by Lokas Software (HKLM-x32\...\3D Shadow by Lokas Software) (Version: - )
A Ruler for Windows (HKLM\...\{DCF4C336-18DB-449B-9238-821B7F28B614}_is1) (Version: 2.7 - Latour)
AbstractCurves x64 (HKLM\...\AbstractCurves AbstractCurves x64 1) (Version: 1.190 - AbstractCurves Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
aiofw (x32 Version: 4.2.6.0 - Eastman Kodak Company) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version: - )
Alien Skin Snap Art 2 (HKLM-x32\...\Snap Art 2) (Version: - )
Alien Skin Snap Art 3 (HKLM\...\Alien Skin Snap Art 3) (Version: - Alien Skin)
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
Amazon Kindle (HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Amazon Kindle) (Version: - Amazon)
AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version: - )
AmphiSoft plug-in filters DEMO (HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\AmphiSoft plug-in filters DEMO) (Version: 01.22.00.00 - AmphiSoft)
Artistic Effects by Lokas Software (HKLM-x32\...\Artistic Effects by Lokas Software) (Version: - )
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.6.0.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)
Auto FX Free (HKLM\...\{ABE4D060-5260-453F-A742-933194AEB045}) (Version: 2.00.0004 - Auto FX Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
center (x32 Version: 5.0.0.0 - Eastman Kodak Company) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10260.0 - Cisco Consumer Products LLC)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version: - )
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete) (Version: 3.1.0.0 - Nik Software, Inc.)
Cool VL Viewer 1.26.12 (HKLM-x32\...\Cool VL Viewer 1.26.12) (Version: 1.26.12.41 - Cool Products)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.25 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EclipsePalette (HKLM-x32\...\{889047C6-F781-46AF-8183-04C661155710}) (Version: 2.0.20 - Green Eclipse)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Fear For Sale: Nightmare Cinema (HKLM-x32\...\Fear For Sale: Nightmare Cinema) (Version: 1.0.0.0 - Pogo.com)
Filter Forge 1.009 (HKLM-x32\...\Filter Forge_is1) (Version: - Filter Forge, Inc.)
Filter Forge 4.015 (HKLM-x32\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
Filter Forge 5.007 (HKLM-x32\...\Filter Forge 5_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version: - Filter Forge, Inc.)
FilterMeister 1.0 Beta 8.7 (HKLM-x32\...\FilterMeister_is1) (Version: - AFH Systems)
Filters Unlimited 2.0 (HKLM-x32\...\Filters Unlimited_is1) (Version: - )
FM Patcher 1.01 (HKLM-x32\...\FM Patcher_is1) (Version: - AFH Systems & The Plugin Site)
Fotomatic version 1.4 (HKLM-x32\...\{6022299E-440C-43DA-825F-B58BCCB570B9}_is1) (Version: 1.4 - Cybia)
G-Force (HKLM-x32\...\G-Force) (Version: 5.1.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Harrys Filters 4.0 (Plugin) (HKLM\...\Harrys Filters 4.0 (Plugin)_is1) (Version: - The Plugin Site)
Haunted Hotel: Phoenix Collector's Edition (HKLM-x32\...\BFG-Haunted Hotel - Phoenix Collectors Edition) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM-x32\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HughesNet Status Meter (HKLM-x32\...\{67939A60-3C84-4556-8427-97793155AEF6}) (Version: 6.2.0 - None provided)
IcePattern 1.2 for Adobe Photoshop (HKLM-x32\...\IcePattern v 1.2. for Adobe Photoshop_is1) (Version: - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
IncrediBackup (HKLM-x32\...\IncrediBackup) (Version: 1.0.0.1087 - IncrediMail Ltd.)
IncrediBackup (x32 Version: 1.0.0.1087 - IncrediMail) Hidden
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kai's Power Tools 5 (HKLM-x32\...\Kai's Power Tools 5) (Version: - )
KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 5.4.6.4 - Eastman Kodak Company)
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Living Legends: Bound by Wishes Collector's Edition (HKLM-x32\...\BFG-Living Legends - Bound by Wishes Collectors Edition) (Version: - )
Mahjong Garden Deluxe (HKLM-x32\...\Mahjong Garden Deluxe) (Version: - Pogo.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio FireWire Driver 6.0.1 (x64) (HKLM\...\{3C33BA1B-D447-41CF-A228-84DD499F6F61}) (Version: 6.0.1 - M-Audio)
MediaFACE 4.2 (HKLM-x32\...\InstallShield_{9DFCAA7A-9B62-4468-8F91-F68150AA8BAD}) (Version: 4.2 - Fellowes)
MediaFACE 4.2 (x32 Version: 4.2 - Fellowes) Hidden
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.4.29.10845) (Version: 1.4.29.10845 - MediaFire)
MeshLab_64b 1.3.4BETA (HKLM-x32\...\MeshLab_64b) (Version: 1.3.4BETA - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.1 (HKLM\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
Myths of the World: Spirit Wolf Collector's Edition (HKLM-x32\...\BFG-Myths of the World - Spirit Wolf Collectors Edition) (Version: - )
namesuppressed Plaid Lite (HKLM-x32\...\PlaidLite_5QM) (Version: (v1.20) - namesuppressed)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Path Copy Copy 11.1 (HKLM\...\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1) (Version: - Charles Lechasseur)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
PhotoFreebies 2.03 (Plugin) (HKLM\...\PhotoFreebies 2.03 (Plugin)_is1) (Version: - The Plugin Site)
Plugin Galaxy 1.0 (HKLM-x32\...\Plugin Galaxy 1.0_is1) (Version: - )
Plugin Galaxy 3.01 (Plugin Demo) (HKLM\...\Plugin Galaxy 3.01 (Plugin Demo)_is1) (Version: - The Plugin Site)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
PowerArchiver 2015 (HKLM-x32\...\PowerArchiver 2015 15.01.06) (Version: 15.01.06 - ConeXware, Inc.)
PowerArchiver 2015 (x32 Version: 15.01.06 - ConeXware, Inc.) Hidden
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 1.0 - Apollo Group, Inc.)
Singularity (remove only) (HKLM-x32\...\Singularity) (Version: - )
SingularityAlpha (64 bit) (remove only) (HKLM-x32\...\SingularityAlpha (64 bit)) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SP45629 - Intel Chipset Installation Utility (HKLM-x32\...\{7AB416C2-4AEC-4967-A873-E2A3B404E6EC}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
Splat! 1.0 (HKLM-x32\...\Splat) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (x32 Version: 13.3.1.3017 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2013 (x32 Version: 12.2.0.2734 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Word 2000-2013 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2013) (Version: - Stamps.com, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play (HKLM-x32\...\BFG-The Legend of Sleepy Hollow - Jar of Marbles III - Free to Play) (Version: - )
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Ulead ArtTexture.Plugin 1.0 (HKLM-x32\...\Ulead ArtTexture.Plugin 1.0) (Version: - )
Ulead GIF-X.Plugin 2.0 (HKLM-x32\...\Ulead GIF-X.Plugin 2.0) (Version: - )
Ulead Particle.Plugin 1.0 (HKLM-x32\...\Ulead Particle.Plugin 1.0) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WikFonts 1.5.1.2 (HKLM-x32\...\WikFonts_1.5.1.2_is1) (Version: 1 - WikMail.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19EE7B53-ACA0-4312-BCA8-3DCEA71C2968} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {1B260579-139B-4158-877F-4E91BA2F5C90} - \{689543B2-D1E8-4CDB-B175-0FBAB4717638} -> No File <==== ATTENTION
Task: {20C32223-3BAC-4209-9ECB-5B3DA9FE6C22} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {27FC23D3-02FE-4745-9FB9-EE1574278F6A} - \bvyvbvyf -> No File <==== ATTENTION
Task: {2820E264-1489-448D-9CFF-D6C7D108FCCD} - \{98CC4B01-7CFC-4E52-838C-3A1AE015DA74} -> No File <==== ATTENTION
Task: {29D3780A-6541-4BA3-87AE-DAF3078DB8FE} - \User_Feed_Synchronization-{EE66B57E-A4B2-4C59-BD7E-4DEAB7DF2236} -> No File <==== ATTENTION
Task: {2C4C51A6-8A79-44FD-9B8B-7C11F6BF3A5A} - \{CCB88131-79A5-4E2F-8065-9615D6939433} -> No File <==== ATTENTION
Task: {2D5041A7-2404-4262-B22E-AAB87B7FF1B4} - \{4DB5B96E-ECFE-480F-A199-73AF5FEAD2B1} -> No File <==== ATTENTION
Task: {435B0548-4CDD-4883-99CF-C7889EEC2FD1} - \{CCA46C81-AC32-4BEF-A80B-B2C4A7B922CC} -> No File <==== ATTENTION
Task: {436322C6-7BB5-497C-9710-C13B0F59285D} - \{4E874C02-58BC-474B-9BC5-B30D3769C7A9} -> No File <==== ATTENTION
Task: {437AEF62-1AAA-429B-8EE5-5C086572A4A5} - \{C833CA22-AE31-4BF0-94AC-DD7112270425} -> No File <==== ATTENTION
Task: {478C3DB9-5A87-4E7E-AC38-5DB61CCD74E3} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {4934DE90-72F7-43BD-96E1-83C16DF54E43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {49E5A31A-F64D-48B3-BAD7-5511F8CE1743} - \{DCD51D10-F096-4FF0-87B1-8574BA8948C2} -> No File <==== ATTENTION
Task: {4C00DB0E-4071-4872-90BF-DEAB1AA855B5} - \{2294BC3A-A918-4269-93BB-E3569D509869} -> No File <==== ATTENTION
Task: {4C9FC4E7-CDC4-4518-94D8-BFDB3C3AC3D5} - \{B4BF941B-271C-477B-9B45-0CC6C612E8E7} -> No File <==== ATTENTION
Task: {4D642726-689D-4890-B755-9A5B80141AAD} - \HPCeeScheduleForAudio User -> No File <==== ATTENTION
Task: {5732D656-FBE8-4ADD-91A1-CC8A6EA694F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {5F11FC22-DCCB-4BBA-9F25-8DD76C2E478E} - \{01AFF4F1-8DA7-4FE8-B75B-7898043DCB42} -> No File <==== ATTENTION
Task: {5F5D1FB4-757C-4046-BBBF-24A6C166F87C} - \{7D8B0684-4E21-421A-9DA3-22E875D90BC5} -> No File <==== ATTENTION
Task: {620D0FA0-7AB7-45B8-9892-9EFFF77A4573} - \{5745C39A-3B26-438F-B47A-597FD044E408} -> No File <==== ATTENTION
Task: {6551D92C-827F-407E-B29B-F85A66441CC6} - \{738C6031-AEE0-4467-B021-99E56A92283C} -> No File <==== ATTENTION
Task: {68975819-C141-48CA-8E84-0A2B1E1E53CA} - \{8C4B97E4-242B-45A5-B7CA-D968019EE02D} -> No File <==== ATTENTION
Task: {6CABEBA4-CE7F-4970-914F-732DDC2E9B8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-28] (HP Inc.)
Task: {72987859-2B31-4980-94BD-38D7C855C0CF} - \{11D1D1EE-610E-4E26-9ABE-CDF087450E0E} -> No File <==== ATTENTION
Task: {7679D5E0-B6DA-4938-ACA0-ECB027F435F3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {82CB2FFC-AAB4-4494-AD13-A813CD20318B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {8AF844C1-2FE2-4A0A-A0DC-45F7068DB1FF} - \{4F0A5C75-0C96-48D0-8CAB-ED73E892BD0F} -> No File <==== ATTENTION
Task: {8CB2B761-F9A5-4D84-8917-B8ADD7E9F249} - \{4476F1CD-B142-496F-9233-397311D32C1F} -> No File <==== ATTENTION
Task: {94365D0A-7804-42B4-B90C-EB83442DDD67} - \SMW_P -> No File <==== ATTENTION
Task: {9A338660-DE8C-4787-9A17-9C7C15E44C46} - \Opera scheduled Autoupdate 1436904114 -> No File <==== ATTENTION
Task: {9C16C985-1749-4B01-9E8E-E4C1053107CC} - \{6EC65ECE-07AD-4BB1-8330-2D90306B992F} -> No File <==== ATTENTION
Task: {9DAA0B85-6A92-4DEE-9C8C-05BC6CCB07AD} - \{1D41E91B-212B-4C82-9515-D8D3BC4F3D7E} -> No File <==== ATTENTION
Task: {A163075E-C918-413E-9B49-7F4793BE782F} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {A18C2DCF-E648-4901-862F-B1B788BB4563} - \GTFPOQUOTT -> No File <==== ATTENTION
Task: {A209D341-DCB8-43A1-A1BD-BBFA09ADEE25} - \{AB1DE566-54CF-4F83-AFDE-17137BE0F280} -> No File <==== ATTENTION
Task: {A49CA0BD-E2B1-403A-A173-43A49DE8A5FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B0744C5E-0996-42BF-9B74-9BBB2D949173} - \{57453332-E9F4-4093-B4AB-8A1C0C0D5707} -> No File <==== ATTENTION
Task: {B601BC48-667A-43E3-867B-EFCC15833D08} - \AdobeAAMUpdater-1.0-AudioUser-PC-Audio User -> No File <==== ATTENTION
Task: {B86F6A4B-FB07-4676-9B80-1280DA10F0BD} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {BCD28677-D2F0-483F-BABB-1524C6F2F812} - \{CD18775E-7A9E-4167-8C63-1ADF504334D7} -> No File <==== ATTENTION
Task: {C61EA3A5-03D1-43ED-BA23-8D1264DB8E2D} - \{19B409AC-4ED8-4FE5-B771-BA649E064B40} -> No File <==== ATTENTION
Task: {C6369937-B5E2-4CE2-AE3C-E6ED819E817F} - \{EA6CE454-0CAB-4E15-8C62-9BAD01D34962} -> No File <==== ATTENTION
Task: {C69307F9-A159-4E7F-87A8-E4CB77B20CA3} - \{EA478442-06BD-40D9-99EE-E2A5D4EF31B5} -> No File <==== ATTENTION
Task: {C94419C8-629F-4021-B8CB-D9D33151BB45} - \{51B09220-0A0A-4302-B129-FCD1119106BA} -> No File <==== ATTENTION
Task: {D349114A-41F1-4752-B809-8FE29E70CE9D} - \{B0A151AA-7659-482A-8D0E-4C3270186686} -> No File <==== ATTENTION
Task: {D3DE2350-202E-41E3-BE63-A9F6E599113A} - \{09C97923-5FCE-4D37-9528-6A5DA8E5C872} -> No File <==== ATTENTION
Task: {D604963D-C8AC-4493-9C14-999289A6223C} - \{E752D505-44E8-4FB0-944C-C994CA17BE39} -> No File <==== ATTENTION
Task: {DBFC5F69-9871-4D0B-ABE9-FE5B915C98D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E42D372E-A225-41BD-A22B-C2A930D8CB5C} - \RunAsStdUser Task -> No File <==== ATTENTION
Task: {EB2BB628-B3BA-4E35-87E8-30A675472AA8} - \{422A65CB-1FCB-4305-AA2B-F7A0BE88ABF4} -> No File <==== ATTENTION
Task: {F3957B62-6ECC-4919-883E-21830E80978F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-28] (HP Inc.)
Task: {FA219EF0-3BA8-461B-AEDA-C1267AD4056D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAudio User.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Audio User\AppData\Local\ba75\5e9c.lnk -> C:\Users\Audio User\AppData\Local\ba75\88f9.bat (No File)
Shortcut: C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2015-06-02 11:18 - 2015-06-02 11:18 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-17 10:18 - 2013-07-29 19:38 - 00463360 _____ () C:\Program Files\Path Copy Copy\PCC64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0738A6D5 [336]
AlternateDataStreams: C:\ProgramData\TEMP:090FB735 [120]
AlternateDataStreams: C:\ProgramData\TEMP:092BD83A [460]
AlternateDataStreams: C:\ProgramData\TEMP:0FA1FA1F [226]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [234]
AlternateDataStreams: C:\ProgramData\TEMP:1B506EA3 [121]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]
AlternateDataStreams: C:\ProgramData\TEMP:1D5FADCD [238]
AlternateDataStreams: C:\ProgramData\TEMP:1FF82161 [233]
AlternateDataStreams: C:\ProgramData\TEMP:219DB32E [247]
AlternateDataStreams: C:\ProgramData\TEMP:236FF5C6 [228]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2D5180DD [243]
AlternateDataStreams: C:\ProgramData\TEMP:2DB4FB78 [251]
AlternateDataStreams: C:\ProgramData\TEMP:31403DF7 [133]
AlternateDataStreams: C:\ProgramData\TEMP:320208DA [510]
AlternateDataStreams: C:\ProgramData\TEMP:3BDF57F4 [252]
AlternateDataStreams: C:\ProgramData\TEMP:3C8B784A [286]
AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 [484]
AlternateDataStreams: C:\ProgramData\TEMP:4762F1D2 [236]
AlternateDataStreams: C:\ProgramData\TEMP:4FD3435F [246]
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A [131]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [520]
AlternateDataStreams: C:\ProgramData\TEMP:605645B0 [147]
AlternateDataStreams: C:\ProgramData\TEMP:63BA523E [245]
AlternateDataStreams: C:\ProgramData\TEMP:63C48B80 [243]
AlternateDataStreams: C:\ProgramData\TEMP:667D4A95 [235]
AlternateDataStreams: C:\ProgramData\TEMP:669AB5E1 [232]
AlternateDataStreams: C:\ProgramData\TEMP:6B2FBF73 [388]
AlternateDataStreams: C:\ProgramData\TEMP:6F604181 [227]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [332]
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639 [175]
AlternateDataStreams: C:\ProgramData\TEMP:82756AB7 [147]
AlternateDataStreams: C:\ProgramData\TEMP:82D85D00 [140]
AlternateDataStreams: C:\ProgramData\TEMP:89B7A4D9 [230]
AlternateDataStreams: C:\ProgramData\TEMP:8C84E358 [147]
AlternateDataStreams: C:\ProgramData\TEMP:92D35C13 [143]
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [141]
AlternateDataStreams: C:\ProgramData\TEMP:9A6195F4 [498]
AlternateDataStreams: C:\ProgramData\TEMP:9FB6814A [137]
AlternateDataStreams: C:\ProgramData\TEMP:C3E7F2E9 [252]
AlternateDataStreams: C:\ProgramData\TEMP:C5A156B6 [233]
AlternateDataStreams: C:\ProgramData\TEMP:CA1F3AC3 [233]
AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E [292]
AlternateDataStreams: C:\ProgramData\TEMP:DBB979D4 [242]
AlternateDataStreams: C:\ProgramData\TEMP:DC938322 [243]
AlternateDataStreams: C:\ProgramData\TEMP:E3615992 [132]
AlternateDataStreams: C:\ProgramData\TEMP:EC970DB6 [472]
AlternateDataStreams: C:\ProgramData\TEMP:ED2D63E4 [133]
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [498]
AlternateDataStreams: C:\ProgramData\TEMP:EF69BA58 [488]
AlternateDataStreams: C:\ProgramData\TEMP:F74EC668 [464]
AlternateDataStreams: C:\ProgramData\TEMP:F9000065 [178]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-07-09 02:27 - 00450732 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1   localhost127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com
127.0.0.1   123moviedownload.com
127.0.0.1   www.123moviedownload.com

There are 15461 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 67.142.172.20 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: Media Center 19 Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: vToolbarUpdater14.0.1 => 2
MSCONFIG\startupfolder: C:^Users^Audio User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe => C:\Windows\pss\PowerReg Scheduler.exe.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Box Edit => C:\Users\Audio User\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\Users\Audio User\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
MSCONFIG\startupreg: Browser Infrastructure Helper =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
MSCONFIG\startupreg: CucusoftNetGuard => "C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe" /boot
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: Facebook Update =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: HughesNetStatusMeter => "C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\MAFWTray.exe
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe
MSCONFIG\startupreg: MediaFire Tray => "C:\Users\Audio User\AppData\Local\MediaFire Desktop\mf_watch.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\AUDIOU~1\AppData\Local\Temp\mdi364.dll,fjasdfn
MSCONFIG\startupreg: vProt =>
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8E3F7B6A-1CFB-4156-AB42-2E25586D4E5F}C:\program files (x86)\singularity\slvoice.exe] => (Allow) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [UDP Query User{1FD5FE05-28DF-4640-83D4-2376B9413E9A}C:\program files (x86)\singularity\slvoice.exe] => (Allow) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [{EBD8F952-8071-42CF-A83A-993963D74F8A}] => (Block) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [{76294E70-7C8F-4F9B-855F-FC4FD9740FFF}] => (Block) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [TCP Query User{B3FD51A9-5391-49E6-A312-AE0E0132C77A}C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe
FirewallRules: [UDP Query User{398DCE24-7E59-4F97-99F8-73F10B82DB70}C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe
FirewallRules: [TCP Query User{7393E034-D0BA-4AF3-915B-5F4A3038444C}C:\program files (x86)\j river\media center 19\media center 19.exe] => (Allow) C:\program files (x86)\j river\media center 19\media center 19.exe
FirewallRules: [UDP Query User{F6E178FE-9A9F-4EE1-9D3D-BC0EF286AA8C}C:\program files (x86)\j river\media center 19\media center 19.exe] => (Allow) C:\program files (x86)\j river\media center 19\media center 19.exe
FirewallRules: [TCP Query User{0ECA8386-1AD4-4732-91BD-49271DEEA493}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [UDP Query User{DEC97D05-14B7-41EC-BE91-5ED7A5C75776}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [TCP Query User{D0BABFB1-08DC-4599-8CC2-853D5928F122}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [UDP Query User{BEEB56D6-1F63-4166-BE38-70F7E0D708FE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [TCP Query User{71BD7307-3C2C-43CF-A8DE-D09E024C339D}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [UDP Query User{F8A210B9-7DF0-4F45-BF2F-99C13D3362C1}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [{0725EB88-7E10-40DE-B425-2FCD4CA78576}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImPackr.exe
FirewallRules: [{5F3F46CD-DFC8-4EC7-BBDF-F83EFA2B9BCF}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImPackr.exe
FirewallRules: [{5FE466C0-C0D4-40F0-A088-A6CCCCD72E1D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F7AFE0A4-A416-4AB5-8622-63F17FE8F35F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{77DF6586-665F-44A5-ABCB-60EE05A5F8F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CF15CDD-E582-423F-AD93-6AF7D02D90E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{E59ED76D-4B2C-4712-881F-11A0BC3D4FB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72E8112A-7F6B-4D76-BA07-52BC09F1E026}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{4329A88A-55B3-4452-87D4-B80036D0AF4A}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{AD078D95-74DE-4E62-9819-CA7E22B4BC85}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{D11FCBF6-BF45-4CEE-84E1-9D19B4852BB4}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{75042DCB-4283-462E-933B-4EFBDB3E49FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31501705-9F07-4FA3-86A1-A007B44DEE46}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E415958-4029-4170-B081-EACAA246C847}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{AA64215A-9700-41C5-8EF1-A94173C50364}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{14D65D09-E1F7-40DE-B8D0-CA42BF7D4A56}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{DDA99010-6C92-429F-98A8-D49039F91010}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{EAE21488-9FEE-4942-B715-1E1C4458CE75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C698C698-B0BF-44FE-B7A5-BB66F98853C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2854E073-511B-4AD0-A8F5-9825BF33F09C}] => (Allow) LPort=9322
FirewallRules: [{B09EB2B5-7105-4034-AEAA-31AC56C38201}] => (Allow) LPort=5353
FirewallRules: [{AE9E39F4-130D-41D5-A2F1-37A16F47E97B}] => (Allow) LPort=9322
FirewallRules: [{D4AA43ED-52D6-4365-BC7B-95F113795DD1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2736EF24-BB95-4B3B-9AF0-CAA1441994FB}] => (Allow) LPort=2869
FirewallRules: [{6EFE16ED-6A37-45A3-ADFD-128296A81E27}] => (Allow) LPort=1900
FirewallRules: [{9AC82F8F-591F-4B03-9723-ABDD00B811D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{69884C28-D093-4F11-AF9E-1DC1632F2210}] => (Allow) J:\MY DOWNLOADS FROM C- DRIVE\IM Content\incredimail_install.exe
FirewallRules: [{9EA9C0EB-4B73-4460-8D56-25484169618E}] => (Allow) J:\MY DOWNLOADS FROM C- DRIVE\IM Content\incredimail_install.exe
FirewallRules: [{58279CFE-05D1-4320-B919-C977D783BD34}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImLc.exe
FirewallRules: [{52D0C9CB-E631-493D-8321-05F5A74B6A6A}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImLc.exe
FirewallRules: [{00BF5641-7E53-4228-AEB0-7133B7132F53}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImpCnt.exe
FirewallRules: [{F18022E9-B45F-434E-A9F2-ECEB9B5A021B}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImpCnt.exe
FirewallRules: [{CB9DE516-A204-4B9B-AE44-D14988BC244C}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
FirewallRules: [{54DE2D8C-8B93-4A71-B1C0-692295A951D2}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
FirewallRules: [{4378BB63-619B-4B17-9236-2524F56AFFAC}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImLc.exe
FirewallRules: [{D7C2FD1F-E88A-4026-BA8D-67202606B0BD}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImLc.exe
FirewallRules: [{26BE6C7B-6EE2-4D91-959C-98D094F73375}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImpCnt.exe
FirewallRules: [{78403DF8-758B-4338-B49D-2443F6224D6F}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImpCnt.exe
FirewallRules: [{0733C99B-A9CF-433A-9360-E5BF04A1B849}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
FirewallRules: [{B868B06E-FCF4-4D0A-B713-5211E59122CB}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
FirewallRules: [{D742ECA1-8886-49D3-B28E-D74BC387ABCE}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
FirewallRules: [{0BEA6E5E-C1C1-44E1-9207-505EBF802335}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
FirewallRules: [{096E6466-15FE-405A-9F8E-5FDF1C3A1C24}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
FirewallRules: [{EF915507-132D-4212-BF46-7800B3F4A5F6}] => (Allow) C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
FirewallRules: [{B5D9FD9B-1789-4B0E-B386-3BF967B251A3}] => (Allow) C:\Users\Audio User\AppData\Local\Temp\APZJPKZUG7\chromedriver.exe
FirewallRules: [{6D5B420B-65E7-4281-92EB-B8C807873F37}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{A565ADBC-0A68-48E4-89C2-9B4246215BED}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{52BFC686-E253-4F66-9097-AC21984985E0}] => (Allow) C:\Users\Audio User\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{7ABD5A73-95FB-4AD3-9417-8BE442C3F37D}] => (Allow) C:\Users\Audio User\AppData\Local\Temp\MPCOnline\MPCDownload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

12-07-2016 05:32:42 Windows Update
13-07-2016 03:19:16 Windows Update
14-07-2016 08:26:11 Removed Apple Application Support
14-07-2016 08:28:41 Removed Apple Software Update

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2016 04:11:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (07/18/2016 04:08:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (07/17/2016 11:28:37 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x80070005
Partial Pkey=7HKHR
ACID=?
Detailed Error[?]

Error: (07/17/2016 11:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ekdiscovery.exe, version: 5.4.6.3, time stamp: 0x4c815873
Faulting module name: ekdiscovery.exe, version: 5.4.6.3, time stamp: 0x4c815873
Exception code: 0xc0000005
Fault offset: 0x0000b9f9
Faulting process id: 0xbf4
Faulting application start time: 0xekdiscovery.exe0
Faulting application path: ekdiscovery.exe1
Faulting module path: ekdiscovery.exe2
Report Id: ekdiscovery.exe3

Error: (07/17/2016 10:09:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1f24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2016 10:09:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1850
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2016 08:56:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Allpcoptimizer.exe, version: 2.0.0.1, time stamp: 0x57469eb4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x2b30
Faulting application start time: 0xAllpcoptimizer.exe0
Faulting application path: Allpcoptimizer.exe1
Faulting module path: Allpcoptimizer.exe2
Report Id: Allpcoptimizer.exe3

Error: (07/17/2016 08:56:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Allpcoptimizer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at WinPCOptimizer.App.Main()

Error: (07/17/2016 08:49:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QuickCleanerUS2.exe, version: 1.0.0.0, time stamp: 0x572afa3a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x2e2c
Faulting application start time: 0xQuickCleanerUS2.exe0
Faulting application path: QuickCleanerUS2.exe1
Faulting module path: QuickCleanerUS2.exe2
Report Id: QuickCleanerUS2.exe3

Error: (07/17/2016 08:49:48 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: QuickCleanerUS2.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.EntryPointNotFoundException
Stack:
   at QuickCleaner.MainFrom.SetMainFormWindow(IntPtr)
   at QuickCleaner.MainFrom.Main(System.String[])

System errors:
=============
Error: (07/18/2016 05:07:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:07:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:07:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/18/2016 05:02:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2014-09-11 15:51:30.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 14:16:06.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 09:40:32.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 06:42:44.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 06:30:25.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 11:13:06.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 10:41:08.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 07:59:08.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 07:18:40.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-08 06:53:52.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 27%
Total physical RAM: 6134.87 MB
Available physical RAM: 4462.23 MB
Total Virtual: 12567.93 MB
Available Virtual: 11106.29 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:239.58 GB) (Free:117.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.78 GB) (Free:0.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Fixed) (Total:0.11 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (MY BOOK) (Fixed) (Total:298.01 GB) (Free:114.47 GB) FAT32
Drive k: (Graphics) (Fixed) (Total:209.1 GB) (Free:135.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 580F697D)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=117 MB) - (Type=42)
Partition 3: (Not Active) - (Size=82 MB) - (Type=42)
Partition 4: (Not Active) - (Size=239.6 GB) - (Type=42)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt ============================

#4
zep516

Posted 19 July 2016 - 03:21 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

The web site may have been down this am, couldn't get to it either.

Lots do do here various infections / adware.

Download the enclosed =>

fixlist.txt 15.71KB 173 downloads Save it in the location FRST64 is Your downloads folder. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is (Your downloads folder.) (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
[list]

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the logfile button and the log will open in Notepad.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply post;
Fixlog.txt
The AdwCleaner [C1].txt Log
The JRT.txt Log

#5
Icey1950

Posted 20 July 2016 - 10:51 AM

Member

Topic Starter
Member
49 posts

Hi Zep516,

I may have done these a little backwards but the fix file was not in the email, if I need to correct anything please let me know, I so appreciate your help, things seem to be better already.

Thanks,

Icey

Here are all the Logs you've requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Audio User (2016-07-20 12:33:14) Run:1
Running from C:\FRST
Loaded Profiles: Audio User (Available Profiles: Audio User & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [cpuminer] => C:\Users\Audio User\AppData\Roaming\cpuminer\cpm.exe
HKLM\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKLM\...\RunOnce: [OTUTPRODUCT_CWVQN] => "C:\Program Files (x86)\mpck\otutnetwork.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\ProgramData\Zonekix\PlusTough.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Zonekix\Stimis.dll => No File
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => No File
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GeekBuddy.lnk [2016-07-17]
ShortcutTarget: GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pogo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000 -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Tanfuurpeubota -> {764447F3-A06A-4432-8788-F04BC76DECE3} -> C:\Program Files\Tanfuurpeubota\Keeio64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {D3EE7876-057D-431E-8848-3D1A3EDC4F59} -> No File
BHO-x32: Tanfuurpeubota -> {764447F3-A06A-4432-8788-F04BC76DECE3} -> C:\Program Files\Tanfuurpeubota\Keeio.dll => No File
BHO-x32: No Name -> {D3EE7876-057D-431E-8848-3D1A3EDC4F59} -> No File
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G7Hzftpbl0cshmoAR,f105e1c5-37f4-4be8-b3d3-4517333acd0d,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [X]
S2 E945B08D-A156-4A92-941E-F97888CD7E6E; "C:\Program Files\Tanfuurpeubota\Ekitgu.exe" [X]
S2 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X]
S4 GTFPOQUOTT Updater; C:\Program Files (x86)\GTFPOQUOTT Updater\GTFPOQUOTT Updater.exe [X]
S2 Komjokj; "C:\Users\Audio User\AppData\Roaming\HoyiPaawur\Kaotwodx.exe" -cms [X]
S2 Kouns; "C:\Users\Audio User\AppData\Roaming\SivmuUphem\Wephhik.exe" -cms [X]
S2 Lhpalauf; "C:\Users\Audio User\AppData\Roaming\Kiwlikdou\Kiwlikdou.exe" -cms [X]
S2 OutfoxTvService; no ImagePath
S2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service [X]
S2 Tanfuurpeubota Updater; C:\Program Files\Tanfuurpeubota\Jooukvo.exe [X]
S2 Uuoha; "C:\Users\Audio User\AppData\Roaming\Fupbyorc\Fupbyorc.exe" -cms [X]
S2 Zonekix; C:\ProgramData\\Zonekix\\Zonekix.exe shuz -f "C:\ProgramData\\Zonekix\\Zonekix.dat" -l -a
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S3 SMUpdd; \??\C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [X]
U4 WSearch; no ImagePath
2016-07-17 08:44 - 2016-07-17 12:42 - 00000000 ____D C:\ProgramData\b70986d7-6261-1
2016-07-17 08:44 - 2016-07-17 12:42 - 00000000 ____D C:\ProgramData\b70986d7-10e5-0
2016-07-17 08:44 - 2016-07-17 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-07-17 08:32 - 2016-07-17 08:32 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-17 07:38 - 2016-07-17 07:38 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
2016-07-17 07:38 - 2016-07-17 07:38 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
2016-07-12 02:34 - 2016-07-12 02:37 - 00000140 _____ C:\Windows\Reimage.ini
2016-05-18 15:36 - 2016-05-18 15:36 - 00005632 _____ C:\Users\Audio User\AppData\Local\ddnow4.exe
2016-05-18 15:35 - 2016-05-18 15:35 - 00005120 _____ C:\Users\Audio User\AppData\Local\ddnow.exe
2016-05-12 15:45 - 2016-05-12 15:45 - 00007680 _____ C:\Users\Audio User\AppData\Local\tinstall4.exe
C:\ProgramData\smp2.exe
Task: {19EE7B53-ACA0-4312-BCA8-3DCEA71C2968} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {1B260579-139B-4158-877F-4E91BA2F5C90} - \{689543B2-D1E8-4CDB-B175-0FBAB4717638} -> No File <==== ATTENTION
Task: {27FC23D3-02FE-4745-9FB9-EE1574278F6A} - \bvyvbvyf -> No File <==== ATTENTION
Task: {2820E264-1489-448D-9CFF-D6C7D108FCCD} - \{98CC4B01-7CFC-4E52-838C-3A1AE015DA74} -> No File <==== ATTENTION
Task: {29D3780A-6541-4BA3-87AE-DAF3078DB8FE} - \User_Feed_Synchronization-{EE66B57E-A4B2-4C59-BD7E-4DEAB7DF2236} -> No File <==== ATTENTION
Task: {2C4C51A6-8A79-44FD-9B8B-7C11F6BF3A5A} - \{CCB88131-79A5-4E2F-8065-9615D6939433} -> No File <==== ATTENTION
Task: {2D5041A7-2404-4262-B22E-AAB87B7FF1B4} - \{4DB5B96E-ECFE-480F-A199-73AF5FEAD2B1} -> No File <==== ATTENTION
Task: {435B0548-4CDD-4883-99CF-C7889EEC2FD1} - \{CCA46C81-AC32-4BEF-A80B-B2C4A7B922CC} -> No File <==== ATTENTION
Task: {436322C6-7BB5-497C-9710-C13B0F59285D} - \{4E874C02-58BC-474B-9BC5-B30D3769C7A9} -> No File <==== ATTENTION
Task: {437AEF62-1AAA-429B-8EE5-5C086572A4A5} - \{C833CA22-AE31-4BF0-94AC-DD7112270425} -> No File <==== ATTENTION
Task: {478C3DB9-5A87-4E7E-AC38-5DB61CCD74E3} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {49E5A31A-F64D-48B3-BAD7-5511F8CE1743} - \{DCD51D10-F096-4FF0-87B1-8574BA8948C2} -> No File <==== ATTENTION
Task: {4C00DB0E-4071-4872-90BF-DEAB1AA855B5} - \{2294BC3A-A918-4269-93BB-E3569D509869} -> No File <==== ATTENTION
Task: {4C9FC4E7-CDC4-4518-94D8-BFDB3C3AC3D5} - \{B4BF941B-271C-477B-9B45-0CC6C612E8E7} -> No File <==== ATTENTION
Task: {4D642726-689D-4890-B755-9A5B80141AAD} - \HPCeeScheduleForAudio User -> No File <==== ATTENTION
Task: {5732D656-FBE8-4ADD-91A1-CC8A6EA694F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {5F11FC22-DCCB-4BBA-9F25-8DD76C2E478E} - \{01AFF4F1-8DA7-4FE8-B75B-7898043DCB42} -> No File <==== ATTENTION
Task: {5F5D1FB4-757C-4046-BBBF-24A6C166F87C} - \{7D8B0684-4E21-421A-9DA3-22E875D90BC5} -> No File <==== ATTENTION
Task: {620D0FA0-7AB7-45B8-9892-9EFFF77A4573} - \{5745C39A-3B26-438F-B47A-597FD044E408} -> No File <==== ATTENTION
Task: {6551D92C-827F-407E-B29B-F85A66441CC6} - \{738C6031-AEE0-4467-B021-99E56A92283C} -> No File <==== ATTENTION
Task: {68975819-C141-48CA-8E84-0A2B1E1E53CA} - \{8C4B97E4-242B-45A5-B7CA-D968019EE02D} -> No File <==== ATTENTION
Task: {72987859-2B31-4980-94BD-38D7C855C0CF} - \{11D1D1EE-610E-4E26-9ABE-CDF087450E0E} -> No File <==== ATTENTION
Task: {7679D5E0-B6DA-4938-ACA0-ECB027F435F3} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8AF844C1-2FE2-4A0A-A0DC-45F7068DB1FF} - \{4F0A5C75-0C96-48D0-8CAB-ED73E892BD0F} -> No File <==== ATTENTION
Task: {8CB2B761-F9A5-4D84-8917-B8ADD7E9F249} - \{4476F1CD-B142-496F-9233-397311D32C1F} -> No File <==== ATTENTION
Task: {94365D0A-7804-42B4-B90C-EB83442DDD67} - \SMW_P -> No File <==== ATTENTION
Task: {9A338660-DE8C-4787-9A17-9C7C15E44C46} - \Opera scheduled Autoupdate 1436904114 -> No File <==== ATTENTION
Task: {9C16C985-1749-4B01-9E8E-E4C1053107CC} - \{6EC65ECE-07AD-4BB1-8330-2D90306B992F} -> No File <==== ATTENTION
Task: {9DAA0B85-6A92-4DEE-9C8C-05BC6CCB07AD} - \{1D41E91B-212B-4C82-9515-D8D3BC4F3D7E} -> No File <==== ATTENTION
Task: {A163075E-C918-413E-9B49-7F4793BE782F} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {A18C2DCF-E648-4901-862F-B1B788BB4563} - \GTFPOQUOTT -> No File <==== ATTENTION
Task: {A209D341-DCB8-43A1-A1BD-BBFA09ADEE25} - \{AB1DE566-54CF-4F83-AFDE-17137BE0F280} -> No File <==== ATTENTION
Task: {A49CA0BD-E2B1-403A-A173-43A49DE8A5FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B0744C5E-0996-42BF-9B74-9BBB2D949173} - \{57453332-E9F4-4093-B4AB-8A1C0C0D5707} -> No File <==== ATTENTION
Task: {B601BC48-667A-43E3-867B-EFCC15833D08} - \AdobeAAMUpdater-1.0-AudioUser-PC-Audio User -> No File <==== ATTENTION
Task: {B86F6A4B-FB07-4676-9B80-1280DA10F0BD} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {BCD28677-D2F0-483F-BABB-1524C6F2F812} - \{CD18775E-7A9E-4167-8C63-1ADF504334D7} -> No File <==== ATTENTION
Task: {C61EA3A5-03D1-43ED-BA23-8D1264DB8E2D} - \{19B409AC-4ED8-4FE5-B771-BA649E064B40} -> No File <==== ATTENTION
Task: {C6369937-B5E2-4CE2-AE3C-E6ED819E817F} - \{EA6CE454-0CAB-4E15-8C62-9BAD01D34962} -> No File <==== ATTENTION
Task: {C69307F9-A159-4E7F-87A8-E4CB77B20CA3} - \{EA478442-06BD-40D9-99EE-E2A5D4EF31B5} -> No File <==== ATTENTION
Task: {C94419C8-629F-4021-B8CB-D9D33151BB45} - \{51B09220-0A0A-4302-B129-FCD1119106BA} -> No File <==== ATTENTION
Task: {D349114A-41F1-4752-B809-8FE29E70CE9D} - \{B0A151AA-7659-482A-8D0E-4C3270186686} -> No File <==== ATTENTION
Task: {D3DE2350-202E-41E3-BE63-A9F6E599113A} - \{09C97923-5FCE-4D37-9528-6A5DA8E5C872} -> No File <==== ATTENTION
Task: {D604963D-C8AC-4493-9C14-999289A6223C} - \{E752D505-44E8-4FB0-944C-C994CA17BE39} -> No File <==== ATTENTION
Task: {E42D372E-A225-41BD-A22B-C2A930D8CB5C} - \RunAsStdUser Task -> No File <==== ATTENTION
Task: {EB2BB628-B3BA-4E35-87E8-30A675472AA8} - \{422A65CB-1FCB-4305-AA2B-F7A0BE88ABF4} -> No File <==== ATTENTION
C:\Users\Audio User\AppData\Local\ba75\5e9c.lnk -> C:\Users\Audio User\AppData\Local\ba75\88f9.bat (No File)
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:0738A6D5 [336]
AlternateDataStreams: C:\ProgramData\TEMP:090FB735 [120]
AlternateDataStreams: C:\ProgramData\TEMP:092BD83A [460]
AlternateDataStreams: C:\ProgramData\TEMP:0FA1FA1F [226]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [234]
AlternateDataStreams: C:\ProgramData\TEMP:1B506EA3 [121]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]
AlternateDataStreams: C:\ProgramData\TEMP:1D5FADCD [238]
AlternateDataStreams: C:\ProgramData\TEMP:1FF82161 [233]
AlternateDataStreams: C:\ProgramData\TEMP:219DB32E [247]
AlternateDataStreams: C:\ProgramData\TEMP:236FF5C6 [228]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2D5180DD [243]
AlternateDataStreams: C:\ProgramData\TEMP:2DB4FB78 [251]
AlternateDataStreams: C:\ProgramData\TEMP:31403DF7 [133]
AlternateDataStreams: C:\ProgramData\TEMP:320208DA [510]
AlternateDataStreams: C:\ProgramData\TEMP:3BDF57F4 [252]
AlternateDataStreams: C:\ProgramData\TEMP:3C8B784A [286]
AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 [484]
AlternateDataStreams: C:\ProgramData\TEMP:4762F1D2 [236]
AlternateDataStreams: C:\ProgramData\TEMP:4FD3435F [246]
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A [131]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [520]
AlternateDataStreams: C:\ProgramData\TEMP:605645B0 [147]
AlternateDataStreams: C:\ProgramData\TEMP:63BA523E [245]
AlternateDataStreams: C:\ProgramData\TEMP:63C48B80 [243]
AlternateDataStreams: C:\ProgramData\TEMP:667D4A95 [235]
AlternateDataStreams: C:\ProgramData\TEMP:669AB5E1 [232]
AlternateDataStreams: C:\ProgramData\TEMP:6B2FBF73 [388]
AlternateDataStreams: C:\ProgramData\TEMP:6F604181 [227]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [332]
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639 [175]
AlternateDataStreams: C:\ProgramData\TEMP:82756AB7 [147]
AlternateDataStreams: C:\ProgramData\TEMP:82D85D00 [140]
AlternateDataStreams: C:\ProgramData\TEMP:89B7A4D9 [230]
AlternateDataStreams: C:\ProgramData\TEMP:8C84E358 [147]
AlternateDataStreams: C:\ProgramData\TEMP:92D35C13 [143]
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [141]
AlternateDataStreams: C:\ProgramData\TEMP:9A6195F4 [498]
AlternateDataStreams: C:\ProgramData\TEMP:9FB6814A [137]
AlternateDataStreams: C:\ProgramData\TEMP:C3E7F2E9 [252]
AlternateDataStreams: C:\ProgramData\TEMP:C5A156B6 [233]
AlternateDataStreams: C:\ProgramData\TEMP:CA1F3AC3 [233]
AlternateDataStreams: C:\ProgramData\TEMP:CF8AEC6E [292]
AlternateDataStreams: C:\ProgramData\TEMP:DBB979D4 [242]
AlternateDataStreams: C:\ProgramData\TEMP:DC938322 [243]
AlternateDataStreams: C:\ProgramData\TEMP:E3615992 [132]
AlternateDataStreams: C:\ProgramData\TEMP:EC970DB6 [472]
AlternateDataStreams: C:\ProgramData\TEMP:ED2D63E4 [133]
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [498]
AlternateDataStreams: C:\ProgramData\TEMP:EF69BA58 [488]
AlternateDataStreams: C:\ProgramData\TEMP:F74EC668 [464]
AlternateDataStreams: C:\ProgramData\TEMP:F9000065 [178]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
FirewallRules: [{1E415958-4029-4170-B081-EACAA246C847}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{AA64215A-9700-41C5-8EF1-A94173C50364}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{14D65D09-E1F7-40DE-B8D0-CA42BF7D4A56}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{DDA99010-6C92-429F-98A8-D49039F91010}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{72E8112A-7F6B-4D76-BA07-52BC09F1E026}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{4329A88A-55B3-4452-87D4-B80036D0AF4A}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{AD078D95-74DE-4E62-9819-CA7E22B4BC85}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{D11FCBF6-BF45-4CEE-84E1-9D19B4852BB4}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\applica => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OTUTPRODUCT_CWVQN => value not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"C:\ProgramData\Zonekix\PlusTough.dll" => Value data not found.
"C:\ProgramData\Zonekix\Stimis.dll" => Value data not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconError" => key removed successfully
HKCR\CLSID\{5EE8C634-CDC0-453D-9731-DF0B19F4E807} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconReadOnly" => key removed successfully
HKCR\CLSID\{7995D0FC-769B-4197-AEC0-991921CB99E1} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconSynched" => key removed successfully
HKCR\CLSID\{9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1MediaFireIconSyncing" => key removed successfully
HKCR\CLSID\{C4D81971-6B13-4173-AB21-F83AD20CCC04} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\MediaFireIconLock" => key removed successfully
HKCR\CLSID\{759F3E92-F4E8-4953-8315-238B8B17E0F3} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GeekBuddy.lnk => moved successfully
C:\Program Files\COMODO\GeekBuddy\launcher.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{764447F3-A06A-4432-8788-F04BC76DECE3}" => key removed successfully
HKCR\CLSID\{764447F3-A06A-4432-8788-F04BC76DECE3} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3EE7876-057D-431E-8848-3D1A3EDC4F59} => key not found.
HKCR\CLSID\{D3EE7876-057D-431E-8848-3D1A3EDC4F59} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{764447F3-A06A-4432-8788-F04BC76DECE3} => key not found.
HKCR\Wow6432Node\CLSID\{764447F3-A06A-4432-8788-F04BC76DECE3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3EE7876-057D-431E-8848-3D1A3EDC4F59} => key not found.
HKCR\Wow6432Node\CLSID\{D3EE7876-057D-431E-8848-3D1A3EDC4F59} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
CLPSLauncher => service not found.
E945B08D-A156-4A92-941E-F97888CD7E6E => service not found.
GeekBuddyRSP => service not found.
GTFPOQUOTT Updater => service not found.
Komjokj => service not found.
Kouns => service not found.
Lhpalauf => service not found.
OutfoxTvService => service not found.
SMUpd => service not found.
Tanfuurpeubota Updater => service not found.
Uuoha => service not found.
Zonekix => service not found.
MPCKpt => service not found.
SMUpdd => service not found.
WSearch => service removed successfully
"C:\ProgramData\b70986d7-6261-1" => not found.
"C:\ProgramData\b70986d7-10e5-0" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO" => not found.
C:\Users\Public\Documents\Tools => moved successfully
"C:\Users\Public\Documents\Guid" => not found.
C:\Users\Public\Documents\Baidu => moved successfully
"C:\Windows\system32\Drivers\bsdpf64.sys" => not found.
"C:\Windows\system32\Drivers\bsdpr64.sys" => not found.
"C:\Windows\Reimage.ini" => not found.
"C:\Users\Audio User\AppData\Local\ddnow4.exe" => not found.
"C:\Users\Audio User\AppData\Local\ddnow.exe" => not found.
"C:\Users\Audio User\AppData\Local\tinstall4.exe" => not found.
"C:\ProgramData\smp2.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19EE7B53-ACA0-4312-BCA8-3DCEA71C2968}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19EE7B53-ACA0-4312-BCA8-3DCEA71C2968}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B260579-139B-4158-877F-4E91BA2F5C90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B260579-139B-4158-877F-4E91BA2F5C90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{689543B2-D1E8-4CDB-B175-0FBAB4717638}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27FC23D3-02FE-4745-9FB9-EE1574278F6A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27FC23D3-02FE-4745-9FB9-EE1574278F6A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvyf => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2820E264-1489-448D-9CFF-D6C7D108FCCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2820E264-1489-448D-9CFF-D6C7D108FCCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98CC4B01-7CFC-4E52-838C-3A1AE015DA74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29D3780A-6541-4BA3-87AE-DAF3078DB8FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29D3780A-6541-4BA3-87AE-DAF3078DB8FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{EE66B57E-A4B2-4C59-BD7E-4DEAB7DF2236}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C4C51A6-8A79-44FD-9B8B-7C11F6BF3A5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C4C51A6-8A79-44FD-9B8B-7C11F6BF3A5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CCB88131-79A5-4E2F-8065-9615D6939433}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D5041A7-2404-4262-B22E-AAB87B7FF1B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D5041A7-2404-4262-B22E-AAB87B7FF1B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DB5B96E-ECFE-480F-A199-73AF5FEAD2B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{435B0548-4CDD-4883-99CF-C7889EEC2FD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{435B0548-4CDD-4883-99CF-C7889EEC2FD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CCA46C81-AC32-4BEF-A80B-B2C4A7B922CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{436322C6-7BB5-497C-9710-C13B0F59285D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{436322C6-7BB5-497C-9710-C13B0F59285D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E874C02-58BC-474B-9BC5-B30D3769C7A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{437AEF62-1AAA-429B-8EE5-5C086572A4A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{437AEF62-1AAA-429B-8EE5-5C086572A4A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C833CA22-AE31-4BF0-94AC-DD7112270425}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{478C3DB9-5A87-4E7E-AC38-5DB61CCD74E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{478C3DB9-5A87-4E7E-AC38-5DB61CCD74E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49E5A31A-F64D-48B3-BAD7-5511F8CE1743}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49E5A31A-F64D-48B3-BAD7-5511F8CE1743}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DCD51D10-F096-4FF0-87B1-8574BA8948C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C00DB0E-4071-4872-90BF-DEAB1AA855B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C00DB0E-4071-4872-90BF-DEAB1AA855B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2294BC3A-A918-4269-93BB-E3569D509869}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C9FC4E7-CDC4-4518-94D8-BFDB3C3AC3D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9FC4E7-CDC4-4518-94D8-BFDB3C3AC3D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B4BF941B-271C-477B-9B45-0CC6C612E8E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D642726-689D-4890-B755-9A5B80141AAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D642726-689D-4890-B755-9A5B80141AAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForAudio User" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5732D656-FBE8-4ADD-91A1-CC8A6EA694F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5732D656-FBE8-4ADD-91A1-CC8A6EA694F6}" => key removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Update Check" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F11FC22-DCCB-4BBA-9F25-8DD76C2E478E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F11FC22-DCCB-4BBA-9F25-8DD76C2E478E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01AFF4F1-8DA7-4FE8-B75B-7898043DCB42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F5D1FB4-757C-4046-BBBF-24A6C166F87C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5D1FB4-757C-4046-BBBF-24A6C166F87C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D8B0684-4E21-421A-9DA3-22E875D90BC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{620D0FA0-7AB7-45B8-9892-9EFFF77A4573}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{620D0FA0-7AB7-45B8-9892-9EFFF77A4573}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5745C39A-3B26-438F-B47A-597FD044E408}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6551D92C-827F-407E-B29B-F85A66441CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6551D92C-827F-407E-B29B-F85A66441CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{738C6031-AEE0-4467-B021-99E56A92283C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68975819-C141-48CA-8E84-0A2B1E1E53CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68975819-C141-48CA-8E84-0A2B1E1E53CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C4B97E4-242B-45A5-B7CA-D968019EE02D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72987859-2B31-4980-94BD-38D7C855C0CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72987859-2B31-4980-94BD-38D7C855C0CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11D1D1EE-610E-4E26-9ABE-CDF087450E0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7679D5E0-B6DA-4938-ACA0-ECB027F435F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7679D5E0-B6DA-4938-ACA0-ECB027F435F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AF844C1-2FE2-4A0A-A0DC-45F7068DB1FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AF844C1-2FE2-4A0A-A0DC-45F7068DB1FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F0A5C75-0C96-48D0-8CAB-ED73E892BD0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CB2B761-F9A5-4D84-8917-B8ADD7E9F249}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CB2B761-F9A5-4D84-8917-B8ADD7E9F249}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4476F1CD-B142-496F-9233-397311D32C1F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94365D0A-7804-42B4-B90C-EB83442DDD67} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9A338660-DE8C-4787-9A17-9C7C15E44C46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A338660-DE8C-4787-9A17-9C7C15E44C46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1436904114" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C16C985-1749-4B01-9E8E-E4C1053107CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C16C985-1749-4B01-9E8E-E4C1053107CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6EC65ECE-07AD-4BB1-8330-2D90306B992F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DAA0B85-6A92-4DEE-9C8C-05BC6CCB07AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DAA0B85-6A92-4DEE-9C8C-05BC6CCB07AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D41E91B-212B-4C82-9515-D8D3BC4F3D7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A163075E-C918-413E-9B49-7F4793BE782F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A163075E-C918-413E-9B49-7F4793BE782F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A18C2DCF-E648-4901-862F-B1B788BB4563}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A18C2DCF-E648-4901-862F-B1B788BB4563} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GTFPOQUOTT => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A209D341-DCB8-43A1-A1BD-BBFA09ADEE25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A209D341-DCB8-43A1-A1BD-BBFA09ADEE25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB1DE566-54CF-4F83-AFDE-17137BE0F280}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A49CA0BD-E2B1-403A-A173-43A49DE8A5FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A49CA0BD-E2B1-403A-A173-43A49DE8A5FA}" => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0744C5E-0996-42BF-9B74-9BBB2D949173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0744C5E-0996-42BF-9B74-9BBB2D949173}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57453332-E9F4-4093-B4AB-8A1C0C0D5707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B601BC48-667A-43E3-867B-EFCC15833D08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B601BC48-667A-43E3-867B-EFCC15833D08}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-AudioUser-PC-Audio User" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B86F6A4B-FB07-4676-9B80-1280DA10F0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B86F6A4B-FB07-4676-9B80-1280DA10F0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD28677-D2F0-483F-BABB-1524C6F2F812}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD28677-D2F0-483F-BABB-1524C6F2F812}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD18775E-7A9E-4167-8C63-1ADF504334D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C61EA3A5-03D1-43ED-BA23-8D1264DB8E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C61EA3A5-03D1-43ED-BA23-8D1264DB8E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{19B409AC-4ED8-4FE5-B771-BA649E064B40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6369937-B5E2-4CE2-AE3C-E6ED819E817F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6369937-B5E2-4CE2-AE3C-E6ED819E817F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA6CE454-0CAB-4E15-8C62-9BAD01D34962}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C69307F9-A159-4E7F-87A8-E4CB77B20CA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C69307F9-A159-4E7F-87A8-E4CB77B20CA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EA478442-06BD-40D9-99EE-E2A5D4EF31B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C94419C8-629F-4021-B8CB-D9D33151BB45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94419C8-629F-4021-B8CB-D9D33151BB45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{51B09220-0A0A-4302-B129-FCD1119106BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D349114A-41F1-4752-B809-8FE29E70CE9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D349114A-41F1-4752-B809-8FE29E70CE9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B0A151AA-7659-482A-8D0E-4C3270186686}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3DE2350-202E-41E3-BE63-A9F6E599113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DE2350-202E-41E3-BE63-A9F6E599113A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09C97923-5FCE-4D37-9528-6A5DA8E5C872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D604963D-C8AC-4493-9C14-999289A6223C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D604963D-C8AC-4493-9C14-999289A6223C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E752D505-44E8-4FB0-944C-C994CA17BE39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E42D372E-A225-41BD-A22B-C2A930D8CB5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E42D372E-A225-41BD-A22B-C2A930D8CB5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB2BB628-B3BA-4E35-87E8-30A675472AA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB2BB628-B3BA-4E35-87E8-30A675472AA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{422A65CB-1FCB-4305-AA2B-F7A0BE88ABF4}" => key removed successfully
"C:\Users\Audio User\AppData\Local\ba75\5e9c.lnk -> C:\Users\Audio User\AppData\Local\ba75\88f9.bat (No File)" => not found.
C:\Windows => ":AstInfo" ADS removed successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\TEMP => ":0738A6D5" ADS removed successfully.
C:\ProgramData\TEMP => ":090FB735" ADS removed successfully.
C:\ProgramData\TEMP => ":092BD83A" ADS removed successfully.
C:\ProgramData\TEMP => ":0FA1FA1F" ADS removed successfully.
C:\ProgramData\TEMP => ":1A14B3AF" ADS removed successfully.
C:\ProgramData\TEMP => ":1B506EA3" ADS removed successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":1D5FADCD" ADS removed successfully.
C:\ProgramData\TEMP => ":1FF82161" ADS removed successfully.
C:\ProgramData\TEMP => ":219DB32E" ADS removed successfully.
C:\ProgramData\TEMP => ":236FF5C6" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":2D5180DD" ADS removed successfully.
C:\ProgramData\TEMP => ":2DB4FB78" ADS removed successfully.
C:\ProgramData\TEMP => ":31403DF7" ADS removed successfully.
C:\ProgramData\TEMP => ":320208DA" ADS removed successfully.
C:\ProgramData\TEMP => ":3BDF57F4" ADS removed successfully.
C:\ProgramData\TEMP => ":3C8B784A" ADS removed successfully.
C:\ProgramData\TEMP => ":3EC5BC08" ADS removed successfully.
C:\ProgramData\TEMP => ":4762F1D2" ADS removed successfully.
C:\ProgramData\TEMP => ":4FD3435F" ADS removed successfully.
C:\ProgramData\TEMP => ":5106F19A" ADS removed successfully.
C:\ProgramData\TEMP => ":566B9179" ADS removed successfully.
C:\ProgramData\TEMP => ":605645B0" ADS removed successfully.
C:\ProgramData\TEMP => ":63BA523E" ADS removed successfully.
C:\ProgramData\TEMP => ":63C48B80" ADS removed successfully.
C:\ProgramData\TEMP => ":667D4A95" ADS removed successfully.
C:\ProgramData\TEMP => ":669AB5E1" ADS removed successfully.
C:\ProgramData\TEMP => ":6B2FBF73" ADS removed successfully.
C:\ProgramData\TEMP => ":6F604181" ADS removed successfully.
C:\ProgramData\TEMP => ":7687A3E3" ADS removed successfully.
C:\ProgramData\TEMP => ":7FA0D639" ADS removed successfully.
C:\ProgramData\TEMP => ":82756AB7" ADS removed successfully.
C:\ProgramData\TEMP => ":82D85D00" ADS removed successfully.
C:\ProgramData\TEMP => ":89B7A4D9" ADS removed successfully.
C:\ProgramData\TEMP => ":8C84E358" ADS removed successfully.
C:\ProgramData\TEMP => ":92D35C13" ADS removed successfully.
C:\ProgramData\TEMP => ":997DA6D7" ADS removed successfully.
C:\ProgramData\TEMP => ":9A6195F4" ADS removed successfully.
C:\ProgramData\TEMP => ":9FB6814A" ADS removed successfully.
C:\ProgramData\TEMP => ":C3E7F2E9" ADS removed successfully.
C:\ProgramData\TEMP => ":C5A156B6" ADS removed successfully.
C:\ProgramData\TEMP => ":CA1F3AC3" ADS removed successfully.
C:\ProgramData\TEMP => ":CF8AEC6E" ADS removed successfully.
C:\ProgramData\TEMP => ":DBB979D4" ADS removed successfully.
C:\ProgramData\TEMP => ":DC938322" ADS removed successfully.
C:\ProgramData\TEMP => ":E3615992" ADS removed successfully.
C:\ProgramData\TEMP => ":EC970DB6" ADS removed successfully.
C:\ProgramData\TEMP => ":ED2D63E4" ADS removed successfully.
C:\ProgramData\TEMP => ":EE2DD6CC" ADS removed successfully.
C:\ProgramData\TEMP => ":EF69BA58" ADS removed successfully.
C:\ProgramData\TEMP => ":F74EC668" ADS removed successfully.
C:\ProgramData\TEMP => ":F9000065" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E415958-4029-4170-B081-EACAA246C847} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA64215A-9700-41C5-8EF1-A94173C50364} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14D65D09-E1F7-40DE-B8D0-CA42BF7D4A56} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DDA99010-6C92-429F-98A8-D49039F91010} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72E8112A-7F6B-4D76-BA07-52BC09F1E026} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4329A88A-55B3-4452-87D4-B80036D0AF4A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD078D95-74DE-4E62-9819-CA7E22B4BC85} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D11FCBF6-BF45-4CEE-84E1-9D19B4852BB4} => value not found.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1AF564E6-8877-4C06-9C7A-4ADE120B0CB5}.
Unable to cancel {F8911298-0ECC-4CBF-88E7-F5D5E726F444}.
Unable to cancel {E77F646B-F1F0-4C8E-9701-673682469DA7}.
Unable to cancel {39420735-D2D5-4070-B5E3-BF4EE028CFEE}.
Unable to cancel {B24F3B4F-A61B-4D83-88AA-75ED1CAC1F76}.
Unable to cancel {F462D86A-576B-44D8-993C-4A3ED13B3BA6}.
{32889423-7363-450D-972C-25A3EFA58864} canceled.
1 out of 7 jobs canceled.

========= End ofCMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End ofCMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7765284 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 424571 B
Edge => 0 B
Chrome => 520934 B
Firefox => 49289279 B
Opera => 1319648 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42773923 B
systemprofile32 => 65960 B
LocalService => 132244 B
NetworkService => 13345864 B
Audio User => 17884263 B
UpdatusUser => 0 B
DefaultAppPool => 0 B

RecycleBin => 180524020 B
EmptyTemp: => 307.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:34:34 ====

# AdwCleaner v3.013 - Report created 24/11/2013 at 19:52:29
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Audio User - AUDIOUSER-PC
# Running from : C:\Users\Audio User\Downloads\Tools\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3119 octets] - [23/11/2013 19:55:26]
AdwCleaner[R1].txt - [834 octets] - [24/11/2013 19:52:29]
AdwCleaner[S0].txt - [3188 octets] - [23/11/2013 19:56:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [953 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Audio User (Administrator) on Wed 07/20/2016 at 11:31:50.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 25

Successfully deleted: C:\Users\Audio User\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Audio User\AppData\Roaming\software informer (Folder)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\users\Public\Documents\guid (Folder)
Successfully deleted: C:\Windows\reimage.ini (File)
Successfully deleted: C:\Windows\system32\drivers\swdumon.sys (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\software informer (Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7M06FDN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7M06FDN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Audio User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAJ9MVNM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7M06FDN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7M06FDN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAJ9MVNM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\FAP6324.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\FAP6642.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\FAP9DAA.tmp (File)

Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\HLNFD (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/20/2016 at 11:36:57.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
zep516

Posted 20 July 2016 - 06:24 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Don't forget to run the "Clean" option in adwCleaner just in case you didn't.
Open adwCleaner, click on scan, let scan finish, click log file, click clean. No log posting necessary

Could you run Malwarebytes 1 more time, want to check for rootkits.

1. We now need to enable rootkit scanning to detect the largest amount of malware that is possible with MalwareBytes. To do this, click on the Settings section at the top of the MalwareBytes application and you wil be brought to the general settings section.

2. Now click on the Detection and Protection settings category on the left sidebar. You will now be shown the settings MalwareBytes will use when scanning your computer

3. At this screen, please put a checkmark in the option labaled Scan for rootkits. If you do not see this option, please make sure you are using the latest version of MalwareBytes.
Now that you have enabled rootkit scanning, click on the Scan button to go to the scan screen.

Posting the Malwarebytes log.

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

Next

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Post the malwarebytes log, then Re-run farber and post both of those logs in another reply

Thanks
Joe

#7
Icey1950

Posted 21 July 2016 - 06:45 AM

Member

Topic Starter
Member
49 posts

Good Morning Zep516 / Joe,

Thanks for taking the time to help me with this.

Here are the requested logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2016
Scan Time: 7:36 AM
Logfile: Malewarebytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.21.02
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Audio User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404518
Time Elapsed: 47 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\cf627cc21998a6aea76d89ac9ad27c5d, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\08efbe9474e1fe7b601e25a480263b34, , [d6d069bde8b2e551a76eae471ce7aa56],

Files: 18
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\cf627cc21998a6aea76d89ac9ad27c5d\2B37EAB0C6B5B44D6336C15C64CF213D.ICO, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\cf627cc21998a6aea76d89ac9ad27c5d\7d7780326e915509eaa5c84d9199e445.ico, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\cf627cc21998a6aea76d89ac9ad27c5d\8cca5707a9dd2e6953d8b7ef274768fd.ico, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\05e396e333c81db8fe38b598aa9d6081.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\1df1eede81be06ca9901ffb227bedd72.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\2b37eab0c6b5b44d6336c15c64cf213d.ico, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\37d522958db3fa39ec3bea694cf516b0.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\3d2b93ccaf9037d89dd1e2de4c250b91.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\4f8c888a28369b10018fca3f3d082720.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\584b00d422fa250792ba936705a15048, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\8f4fa13039de76c61a80976393094d9a.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\9df7daeacee27f702cced5c33ff4014b.exe, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\ac94164273b49c58c0bad3fc6feb773b, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\dc23c7a24c6f29a668d251d65fd47b3f.cfg, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\dc23c7a24c6f29a668d251d65fd47b3f.inf, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\dc23c7a24c6f29a668d251d65fd47b3f.sys, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\08efbe9474e1fe7b601e25a480263b34\nkjiyk.dll, , [d6d069bde8b2e551a76eae471ce7aa56],
PUP.Optional.Wajam.Gen, C:\Program Files\5d9d84290ff2d5103c42bfd35c28f35d\08efbe9474e1fe7b601e25a480263b34\ryvrlh.dll, , [d6d069bde8b2e551a76eae471ce7aa56],

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Audio User (administrator) on AUDIOUSER-PC (21-07-2016 08:33:47)
Running from C:\FRST
Loaded Profiles: Audio User (Available Profiles: Audio User & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
() C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlsInterface.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PSIService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Corel, Inc.) C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\MediaCataloger.exe
() C:\Users\Audio User\Downloads\Incredimail\IncrediMailSetup.exe
(IncrediMail ) C:\Users\Audio User\AppData\Local\Temp\IM_B8B5.tmp\IncrediMailSetup_en.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\Spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [HughesNetStatusMeter] => C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe [233472 2015-01-28] ()
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ADVENT~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1151463B-E31E-4485-BA27-2DBA8FB7D88C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D9A51A99-C084-470B-BBD0-F93A951A34FB}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.0.1/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
IE Session Restore: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000 -> is enabled.
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Speed Dial - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-07-19]
FF Extension: All Aboard - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default\Extensions\@all-aboard-v1 [2016-07-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Profile: C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ColorZilla) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-12-24]
CHR Extension: (Kindle Cloud Launcher) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabgeinondjemaplkkcifnplhcbeeiob [2015-01-07]
CHR Extension: (FVDtab speed dial) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cklafljchoobldkimicddpobdpfkckfp [2016-07-19]
CHR Extension: (AdBlock) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-07-19]
CHR Extension: (Ghostify Hide Geo FREE) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp [2016-07-19]
CHR Extension: (Typing Tutor) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppodolbmofkadjlohmiofjladlpfked [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://Google.com/h?eq=U0EeCFZVBB8SRggbdQhcUgtJRxgUcQAITA0SQwAOeQ8MUhQQGAcbdA0BBAxFGA0FIk0FA1oDB0VXfV5bFElXTwhuL0tdM1wCVFlXM3FNAw=="
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [399096 2016-03-14] (JRiver, Inc.)
R2 MF NTFS Monitor; C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456176 2015-04-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nlsInterface; C:\Windows\system32\nlsInterface.exe [72192 2009-04-03] (Nalpeiron Ltd.) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [231944 2009-07-29] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-04-23] (Windows ® Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 NVHDA; no ImagePath
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
U0 tbgaid; C:\Windows\System32\drivers\nlrujllr.sys [79064 2016-07-21] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 08:29 - 2016-07-21 08:30 - 00000000 ____D C:\Users\Audio User\Downloads\GEEKSTOGO LOGS
2016-07-21 08:26 - 2016-07-21 08:26 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\nlrujllr.sys
2016-07-20 20:36 - 2016-07-21 07:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 20:36 - 2016-07-20 20:36 - 00001170 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-20 20:36 - 2016-07-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-20 20:36 - 2016-07-20 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 20:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-20 20:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-20 20:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-20 12:07 - 2016-07-21 08:33 - 00000000 ____D C:\FRST
2016-07-20 11:36 - 2016-07-20 11:36 - 00003815 _____ C:\Users\Audio User\Desktop\JRT.txt
2016-07-20 11:31 - 2016-07-20 11:31 - 01610560 _____ (Malwarebytes) C:\Users\Audio User\Downloads\JRT.exe
2016-07-19 11:42 - 2016-07-19 11:42 - 03143496 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Audio User\Downloads\AVG_Protection_Free_1599.exe.part
2016-07-19 11:40 - 2016-07-19 11:40 - 02135856 _____ C:\Users\Audio User\Downloads\Adaware_Installer.exe.part
2016-07-19 10:33 - 2016-07-19 10:40 - 00000000 ____D C:\Users\Audio User\AppData\Local\Mozilla
2016-07-19 10:33 - 2016-07-19 10:34 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Mozilla
2016-07-19 10:33 - 2016-07-19 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-19 10:21 - 2016-07-19 10:23 - 48521840 _____ C:\Users\Audio User\Downloads\Firefox Setup 47.0.1.exe
2016-07-19 10:21 - 2016-07-19 10:21 - 00000000 ____D C:\ProgramData\Lavasoft
2016-07-18 09:06 - 2016-07-19 10:33 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-18 04:02 - 2016-07-18 04:02 - 00149544 _____ C:\Users\Audio User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-18 03:49 - 2016-07-18 03:49 - 00008192 ___SH C:\Users\Audio User\AppData\Roaming\Thumbs.db
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\sypd
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\jise
2016-07-17 11:16 - 2016-07-17 11:16 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-17 07:49 - 2016-07-17 07:50 - 00002090 _____ C:\Users\Audio\Local State
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio\Default
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio
2016-07-17 07:42 - 2016-07-17 07:49 - 00000000 ____D C:\Users\Audio\ShaderCache
2016-07-16 11:46 - 2016-07-16 11:46 - 00000000 ____D C:\Camouflage
2016-07-14 01:27 - 2016-07-14 01:27 - 20466368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 02:24 - 2016-07-13 02:58 - 00000746 _____ C:\LoadLogTextFormat.txt
2016-07-13 02:22 - 2016-07-13 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlphaPlugins
2016-07-13 02:22 - 2004-10-03 17:41 - 00167936 _____ (Panopticum,LLC. Maxim Chernousov, [email protected], [email protected].) C:\Windows\SysWOW64\Engine3D.dll
2016-07-12 05:44 - 2016-07-12 05:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-11 16:48 - 2016-07-11 16:48 - 00102559 _____ C:\Windows\4f8c888a28369b10018fca3f3d082720.exe
2016-07-11 16:48 - 2016-07-11 16:48 - 00079952 _____ C:\Windows\system32\Drivers\dc23c7a24c6f29a668d251d65fd47b3f.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-09 21:41 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-09 21:41 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-09 21:41 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-09 21:41 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-09 21:41 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-09 21:41 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-09 21:38 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-09 21:38 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-09 21:38 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-09 21:38 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-09 21:38 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-09 21:38 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-09 21:38 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-09 21:37 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-09 21:37 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-09 21:37 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-09 21:37 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-09 21:37 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-09 21:37 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-09 21:37 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-09 21:37 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-09 21:37 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-09 21:37 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-09 21:37 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-09 21:37 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-09 21:37 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-09 21:37 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-09 21:37 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-09 21:37 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-09 21:37 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-09 21:35 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-09 21:35 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-09 21:35 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-09 21:35 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-09 21:34 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-09 21:34 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-09 21:34 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-09 21:34 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-09 21:34 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-09 21:34 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-07-09 21:34 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-07-09 21:33 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-09 21:33 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-09 21:33 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-09 21:33 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-09 21:33 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-09 21:33 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-09 21:33 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-09 21:33 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-09 21:33 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-07-09 21:33 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-07-09 21:33 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-07-09 21:33 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-07-09 21:33 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-07-09 21:33 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-07-09 21:33 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-07-09 21:33 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-07-09 21:33 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-07-09 21:32 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-09 21:32 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-09 21:32 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-09 21:32 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-09 21:32 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-09 21:32 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-09 21:32 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-09 21:32 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-09 21:31 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-09 21:31 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-09 21:31 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-07-09 21:31 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-07-09 21:31 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-09 21:28 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-09 21:28 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-09 21:28 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-09 21:28 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-09 21:28 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-09 21:28 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-09 21:28 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-09 21:28 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-09 21:28 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:27 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-09 21:27 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-09 02:51 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-09 02:27 - 2016-06-29 18:55 - 00000853 _____ C:\Windows\system32\Drivers\etc\hosts.20160709-022745.backup
2016-07-09 02:12 - 2016-07-09 02:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-07-09 02:11 - 2016-07-18 09:06 - 00001443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-18 09:05 - 00001431 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2016-07-09 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-07-08 21:54 - 2016-07-08 21:55 - 00000000 ____D C:\Splat
2016-07-07 23:02 - 2016-07-07 23:02 - 13076440 _____ C:\Users\Audio User\Downloads\IncrediMailSetup.exe
2016-07-05 22:08 - 2016-07-05 22:08 - 00000011 _____ C:\Windows\3DShadow.INI
2016-07-05 21:59 - 2016-07-05 21:59 - 00000000 ____D C:\Program Files (x86)\Lokas
2016-07-05 01:37 - 2016-07-07 20:09 - 00000000 ____D C:\Users\Audio User\AppData\Local\ba75
2016-07-05 01:37 - 2016-07-05 01:37 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\e609
2016-06-30 21:26 - 2016-06-30 21:27 - 00000000 ____D C:\Users\Audio User\Documents\Incredimail
2016-06-29 21:17 - 2016-07-18 09:06 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
2016-06-29 19:01 - 2016-06-30 22:12 - 00000000 ____D C:\Users\Audio User\Documents\CCleaner backups
2016-06-29 18:26 - 2016-06-29 18:26 - 00000000 ____D C:\Program Files\Reason
2016-06-28 20:01 - 2016-06-28 20:01 - 06569088 _____ (Tim Kosse) C:\Users\Audio User\Downloads\FileZilla_3.19.0_win64-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 08:02 - 2013-10-12 02:22 - 00000000 ____D C:\Users\Audio User\AppData\Local\Corel
2016-07-21 08:01 - 2015-10-17 23:19 - 00000000 ____D C:\Users\Audio User\Documents\My PSP Files
2016-07-21 08:01 - 2013-10-12 02:22 - 00004704 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2016-07-21 07:58 - 2014-03-17 22:56 - 00000000 ____D C:\Program Files (x86)\Trillian
2016-07-21 07:29 - 2015-04-22 06:21 - 00000000 ____D C:\Users\Audio User\Downloads\WEB TOOLS
2016-07-21 07:26 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-21 07:26 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-21 07:18 - 2016-02-11 09:09 - 00000000 ____D C:\ProgramData\Kodak
2016-07-21 07:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 21:01 - 2014-01-17 08:02 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2016-07-20 21:00 - 2014-01-17 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
2016-07-20 21:00 - 2014-01-10 00:39 - 00000000 ____D C:\ProgramData\TEMP
2016-07-20 12:37 - 2016-03-28 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-20 12:37 - 2016-01-02 21:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 12:37 - 2016-01-02 21:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 12:34 - 2014-03-28 18:25 - 00000000 ____D C:\Users\Audio User\AppData\LocalLow\Temp
2016-07-20 11:59 - 2013-11-23 20:55 - 00000000 ____D C:\AdwCleaner
2016-07-19 10:56 - 2015-11-03 02:41 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Professional Edition 9.1
2016-07-19 10:33 - 2016-06-10 01:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-19 10:24 - 2014-06-02 05:32 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Brave Giant
2016-07-19 10:02 - 2014-07-01 04:24 - 00000000 ____D C:\Windows\Evil Pumpkin - The Lost Halloween
2016-07-19 10:02 - 2013-09-20 01:59 - 00000000 ____D C:\Users\Audio User\AppData\Local\Apps\2.0
2016-07-18 09:06 - 2016-04-13 17:12 - 00001506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-18 09:06 - 2016-04-06 22:12 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 4.lnk
2016-07-18 09:06 - 2016-02-02 04:29 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
2016-07-18 09:06 - 2016-01-02 21:06 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-18 09:06 - 2015-12-17 08:25 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 5.lnk
2016-07-18 09:06 - 2015-10-31 03:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-18 09:06 - 2015-09-16 16:25 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
2016-07-18 09:06 - 2015-07-14 16:01 - 00002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-18 09:06 - 2015-06-12 09:58 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Nature Manual.lnk
2016-07-18 09:06 - 2014-02-12 04:25 - 00002665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipsePalette.lnk
2016-07-18 09:06 - 2014-02-01 07:47 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2016-07-18 09:06 - 2014-01-31 23:50 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenofex 2 Manual.lnk
2016-07-18 09:06 - 2014-01-30 17:58 - 00001488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-07-18 09:06 - 2014-01-30 17:55 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:54 - 00001306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:52 - 00001563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:52 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-07-18 09:06 - 2014-01-28 11:41 - 00000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Impact Manual.lnk
2016-07-18 09:06 - 2014-01-25 21:18 - 00000892 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5.0 Textures Manual.lnk
2016-07-18 09:06 - 2014-01-17 11:26 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerArchiver.lnk
2016-07-18 09:06 - 2013-09-19 05:49 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-18 09:06 - 2013-09-19 05:49 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-18 09:06 - 2013-09-19 04:31 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-18 09:06 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-18 09:06 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-18 09:06 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-18 09:05 - 2016-03-11 06:55 - 00002378 _____ C:\Users\Public\Desktop\Play Living Legends - Bound by Wishes Collectors Edition.lnk
2016-07-18 09:05 - 2016-03-05 05:17 - 00002376 _____ C:\Users\Public\Desktop\Play Myths of the World - Spirit Wolf Collectors Edition.lnk
2016-07-18 09:05 - 2016-02-03 07:10 - 00001118 _____ C:\Users\Audio User\Desktop\AMP Font Viewer.lnk
2016-07-18 09:05 - 2016-01-24 06:26 - 00001465 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-18 09:05 - 2016-01-20 05:58 - 00002283 _____ C:\Users\Public\Desktop\Play Haunted Hotel - Phoenix Collectors Edition.lnk
2016-07-18 09:05 - 2015-12-06 03:29 - 00002101 _____ C:\Users\Audio User\Desktop\DAZ Install Manager.lnk
2016-07-18 09:05 - 2014-03-30 16:05 - 00001161 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2016-07-18 05:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-18 04:48 - 2014-01-27 15:18 - 00000000 ____D C:\Users\Audio User\Documents\ADDRESSES
2016-07-18 04:19 - 2013-11-12 02:19 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-07-18 04:14 - 2013-09-20 16:50 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-07-17 12:37 - 2014-07-09 22:33 - 00000000 ____D C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2016-07-17 12:05 - 2013-09-26 22:31 - 00000000 ____D C:\Program Files (x86)\J River
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool VL Viewer
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Program Files (x86)\CoolVLViewer-1.26.10
2016-07-17 11:28 - 2013-09-19 04:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\DNSAPI.dll
2016-07-17 11:24 - 2016-03-24 15:28 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForAudio User.job
2016-07-17 11:23 - 2013-09-19 04:18 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-07-17 11:20 - 2015-12-04 05:52 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-17 11:16 - 2015-06-16 21:31 - 00000000 ____D C:\Users\Audio User\AppData\Local\CrashDumps
2016-07-17 08:13 - 2015-03-31 16:02 - 00000000 ____D C:\Program Files (x86)\Screen Calipers 4.0
2016-07-17 07:28 - 2013-09-20 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-07-17 05:12 - 2009-07-14 00:45 - 05137440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-16 15:18 - 2016-01-05 18:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-16 14:06 - 2015-04-11 22:19 - 00000000 ____D C:\Users\Audio User\Downloads\Font
2016-07-16 12:06 - 2016-01-29 06:31 - 00000000 ____D C:\Users\Audio User\Downloads\Plugins
2016-07-14 01:28 - 2016-01-02 13:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 01:28 - 2016-01-02 13:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 02:22 - 2013-09-20 13:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-13 00:50 - 2009-07-14 01:13 - 00835878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 05:44 - 2014-07-21 17:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-12 05:44 - 2014-07-21 17:06 - 00000000 ____D C:\ProgramData\Skype
2016-07-12 04:50 - 2015-08-25 00:47 - 00000000 ____D C:\Users\Audio User\Downloads\Incredimail
2016-07-12 04:21 - 2015-10-10 18:08 - 00000000 ____D C:\Users\Audio User\AppData\Local\IM
2016-07-12 03:43 - 2013-09-25 22:17 - 00000000 ____D C:\Users\Audio User\AppData\Local\ElevatedDiagnostics
2016-07-11 22:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-10 23:55 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-10 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-10 02:50 - 2013-09-19 04:59 - 00000000 ____D C:\Windows\system32\MRT
2016-07-10 02:36 - 2013-09-19 04:59 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-10 02:34 - 2013-09-20 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 02:19 - 2013-10-24 17:21 - 00812600 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-10 02:00 - 2014-03-29 19:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-09 21:02 - 2015-04-18 02:02 - 00000000 ____D C:\Users\Audio User\Downloads\Alien Skin
2016-07-09 02:27 - 2009-07-13 22:34 - 00450732 ____R C:\Windows\system32\Drivers\etc\hp.bak
2016-07-09 01:36 - 2013-09-20 11:37 - 00000000 ____D C:\Windows\pss
2016-07-08 22:02 - 2014-01-25 21:13 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Alien Skin
2016-07-07 20:16 - 2015-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 00:11 - 2015-11-09 02:08 - 00000000 ____D C:\Users\Audio User\Downloads\Coloring Books
2016-07-06 21:13 - 2015-04-22 04:40 - 00000000 ____D C:\Users\Audio User\Downloads\Photoshop
2016-07-06 20:39 - 2010-11-20 23:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 21:59 - 2015-10-11 13:06 - 00044544 ____N C:\Windows\AWuninstall.exe
2016-07-05 21:24 - 2014-01-28 11:41 - 00000000 ____D C:\Alien Skin
2016-07-05 21:24 - 2014-01-25 21:18 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2016-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-07-04 00:34 - 2013-09-19 04:32 - 00001945 _____ C:\Windows\epplauncher.mif
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-07-02 23:50 - 2013-09-19 07:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Adobe
2016-07-02 21:32 - 2013-10-12 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro Photo X2
2016-07-02 16:28 - 2016-01-05 17:04 - 00000000 ____D C:\Users\Audio User\Desktop\JES PLUGIN LESSONS
2016-06-30 22:21 - 2016-06-06 00:03 - 00000000 ____D C:\Users\Audio User\Desktop\PLETHORA LESSONS
2016-06-30 21:27 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 __HDC C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 __HDC C:\ProgramData\{63B3AF69-722B-4FA9-965F-94DEB1E78796}
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2016-06-29 20:26 - 2016-06-20 02:13 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2016-06-29 20:26 - 2016-02-12 16:21 - 00000000 ____D C:\Users\Audio User\AppData\Local\Eastman_Kodak_Company
2016-06-29 20:26 - 2014-05-25 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Galaxy
2016-06-29 20:26 - 2014-02-20 14:48 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WD Diagnostics
2016-06-29 20:26 - 2013-09-19 03:04 - 00000000 ____D C:\Users\Audio User
2016-06-28 22:14 - 2014-07-10 22:04 - 00000756 _____ C:\Windows\nvrph.ini
2016-06-28 20:04 - 2014-01-21 19:16 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\FileZilla
2016-06-26 10:04 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-24 15:01 - 2015-09-25 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PluginsGalaxy
2016-06-21 07:01 - 2014-05-01 20:04 - 00373248 _____ C:\Windows\EyeCand3.INI

==================== Files in the root of some directories =======

2014-08-15 07:01 - 2015-11-09 01:05 - 0000363 _____ () C:\Program Files (x86)\RecentPlaces.lnk
2014-02-12 02:53 - 2015-01-16 14:50 - 0000132 _____ () C:\Users\Audio User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-07-18 03:49 - 2016-07-18 03:49 - 0008192 ___SH () C:\Users\Audio User\AppData\Roaming\Thumbs.db
2015-04-04 00:13 - 2015-10-10 21:19 - 0004608 _____ () C:\Users\Audio User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-14 10:33 - 2016-03-17 18:10 - 0010374 _____ () C:\Users\Audio User\AppData\Local\installer.log
2013-11-10 06:39 - 2013-11-10 06:39 - 0000080 _____ () C:\Users\Audio User\AppData\Local\X-Plane Installer.prf
2013-11-10 06:37 - 2013-11-10 06:37 - 0000046 _____ () C:\Users\Audio User\AppData\Local\x-plane_install_10.txt
2016-02-22 20:42 - 2016-02-22 20:42 - 0000000 _____ () C:\Users\Audio User\AppData\Local\{E2817094-16B9-441C-A0CA-D72AEC9E0246}
2013-10-06 05:45 - 2016-02-02 04:41 - 0000512 _____ () C:\ProgramData\HPWALog.txt

Some files in TEMP:
====================
C:\Users\Audio User\AppData\Local\Temp\parctmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-07 07:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Audio User (2016-07-21 08:35:03)
Running from C:\FRST
Windows 7 Home Premium Service Pack 1 (X64) (2013-09-19 07:04:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2365759274-3180811660-3926093282-500 - Administrator - Disabled)
Audio User (S-1-5-21-2365759274-3180811660-3926093282-1000 - Administrator - Enabled) => C:\Users\Audio User
Guest (S-1-5-21-2365759274-3180811660-3926093282-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2365759274-3180811660-3926093282-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Shadow by Lokas Software (HKLM-x32\...\3D Shadow by Lokas Software) (Version: - )
A Ruler for Windows (HKLM\...\{DCF4C336-18DB-449B-9238-821B7F28B614}_is1) (Version: 2.7 - Latour)
AbstractCurves x64 (HKLM\...\AbstractCurves AbstractCurves x64 1) (Version: 1.190 - AbstractCurves Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
aiofw (x32 Version: 4.2.6.0 - Eastman Kodak Company) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Alien Skin Eye Candy 5 Impact (HKLM-x32\...\EyeCandy5Impact) (Version: - )
Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - )
Alien Skin Eye Candy 5 Textures (HKLM-x32\...\EyeCandy5Textures) (Version: - )
Alien Skin Snap Art 2 (HKLM-x32\...\Snap Art 2) (Version: - )
Alien Skin Snap Art 3 (HKLM\...\Alien Skin Snap Art 3) (Version: - Alien Skin)
Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - )
Amazon Kindle (HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Amazon Kindle) (Version: - Amazon)
AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version: - )
AmphiSoft plug-in filters DEMO (HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\AmphiSoft plug-in filters DEMO) (Version: 01.22.00.00 - AmphiSoft)
Artistic Effects by Lokas Software (HKLM-x32\...\Artistic Effects by Lokas Software) (Version: - )
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.6.0.0 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.5.4.0 - Auslogics Labs Pty Ltd)
Auto FX Free (HKLM\...\{ABE4D060-5260-453F-A742-933194AEB045}) (Version: 2.00.0004 - Auto FX Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blender (HKLM\...\Blender) (Version: 2.69 - Blender Foundation)
Bonjour (HKLM\...\{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
center (x32 Version: 5.0.0.0 - Eastman Kodak Company) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.2.10260.0 - Cisco Consumer Products LLC)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version: - )
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete) (Version: 3.1.0.0 - Nik Software, Inc.)
Cool VL Viewer 1.26.12 (HKLM-x32\...\Cool VL Viewer 1.26.12) (Version: 1.26.12.41 - Cool Products)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.25 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.7) (Version: 4.8.1.7 - DAZ 3D)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
DeskPins (remove only) (HKLM-x32\...\DeskPins) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
EclipsePalette (HKLM-x32\...\{889047C6-F781-46AF-8183-04C661155710}) (Version: 2.0.20 - Green Eclipse)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Eye Candy 4000 Demo (HKLM-x32\...\Eye Candy 4000) (Version: - )
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Fear For Sale: Nightmare Cinema (HKLM-x32\...\Fear For Sale: Nightmare Cinema) (Version: 1.0.0.0 - Pogo.com)
Filter Forge 1.009 (HKLM-x32\...\Filter Forge_is1) (Version: - Filter Forge, Inc.)
Filter Forge 4.015 (HKLM-x32\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.)
Filter Forge 5.007 (HKLM-x32\...\Filter Forge 5_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version: - Filter Forge, Inc.)
Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version: - Filter Forge, Inc.)
FilterMeister 1.0 Beta 8.7 (HKLM-x32\...\FilterMeister_is1) (Version: - AFH Systems)
Filters Unlimited 2.0 (HKLM-x32\...\Filters Unlimited_is1) (Version: - )
FM Patcher 1.01 (HKLM-x32\...\FM Patcher_is1) (Version: - AFH Systems & The Plugin Site)
Fotomatic version 1.4 (HKLM-x32\...\{6022299E-440C-43DA-825F-B58BCCB570B9}_is1) (Version: 1.4 - Cybia)
G-Force (HKLM-x32\...\G-Force) (Version: 5.1.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Harrys Filters 4.0 (Plugin) (HKLM\...\Harrys Filters 4.0 (Plugin)_is1) (Version: - The Plugin Site)
Haunted Hotel: Phoenix Collector's Edition (HKLM-x32\...\BFG-Haunted Hotel - Phoenix Collectors Edition) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM-x32\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
HughesNet Status Meter (HKLM-x32\...\{67939A60-3C84-4556-8427-97793155AEF6}) (Version: 6.2.0 - None provided)
IcePattern 1.2 for Adobe Photoshop (HKLM-x32\...\IcePattern v 1.2. for Adobe Photoshop_is1) (Version: - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6276.0 - IDT)
IncrediBackup (HKLM-x32\...\IncrediBackup) (Version: 1.0.0.1087 - IncrediMail Ltd.)
IncrediBackup (x32 Version: 1.0.0.1087 - IncrediMail) Hidden
IncrediMail (x32 Version: 6.6.0.5328 - IncrediMail) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kai's Power Tools 5 (HKLM-x32\...\Kai's Power Tools 5) (Version: - )
KODAK AiO Home Center (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 5.4.6.4 - Eastman Kodak Company)
LightScribe Applications (HKLM-x32\...\{16F5ADDD-6EFD-411A-9013-8DD2C629FE53}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Living Legends: Bound by Wishes Collector's Edition (HKLM-x32\...\BFG-Living Legends - Bound by Wishes Collectors Edition) (Version: - )
Mahjong Garden Deluxe (HKLM-x32\...\Mahjong Garden Deluxe) (Version: - Pogo.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio FireWire Driver 6.0.1 (x64) (HKLM\...\{3C33BA1B-D447-41CF-A228-84DD499F6F61}) (Version: 6.0.1 - M-Audio)
MediaFACE 4.2 (HKLM-x32\...\InstallShield_{9DFCAA7A-9B62-4468-8F91-F68150AA8BAD}) (Version: 4.2 - Fellowes)
MediaFACE 4.2 (x32 Version: 4.2 - Fellowes) Hidden
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.4.29.10845) (Version: 1.4.29.10845 - MediaFire)
MeshLab_64b 1.3.4BETA (HKLM-x32\...\MeshLab_64b) (Version: 1.3.4BETA - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
Myths of the World: Spirit Wolf Collector's Edition (HKLM-x32\...\BFG-Myths of the World - Spirit Wolf Collectors Edition) (Version: - )
namesuppressed Plaid Lite (HKLM-x32\...\PlaidLite_5QM) (Version: (v1.20) - namesuppressed)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Path Copy Copy 11.1 (HKLM\...\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1) (Version: - Charles Lechasseur)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
PhotoFreebies 2.03 (Plugin) (HKLM\...\PhotoFreebies 2.03 (Plugin)_is1) (Version: - The Plugin Site)
Plugin Galaxy 1.0 (HKLM-x32\...\Plugin Galaxy 1.0_is1) (Version: - )
Plugin Galaxy 3.01 (Plugin Demo) (HKLM\...\Plugin Galaxy 3.01 (Plugin Demo)_is1) (Version: - The Plugin Site)
PowerArchiver 2015 (HKLM-x32\...\PowerArchiver 2015 15.01.06) (Version: 15.01.06 - ConeXware, Inc.)
PowerArchiver 2015 (x32 Version: 15.01.06 - ConeXware, Inc.) Hidden
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 1.0 - Apollo Group, Inc.)
Singularity (remove only) (HKLM-x32\...\Singularity) (Version: - )
SingularityAlpha (64 bit) (remove only) (HKLM-x32\...\SingularityAlpha (64 bit)) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SP45629 - Intel Chipset Installation Utility (HKLM-x32\...\{7AB416C2-4AEC-4967-A873-E2A3B404E6EC}) (Version: 1.0.0 - Hewlett-Packard International Pte. Ltd.)
Splat! 1.0 (HKLM-x32\...\Splat) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix)
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (x32 Version: 13.3.1.3017 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2013 (x32 Version: 12.2.0.2734 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Word 2000-2013 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2013) (Version: - Stamps.com, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Legend of Sleepy Hollow: Jar of Marbles III - Free to Play (HKLM-x32\...\BFG-The Legend of Sleepy Hollow - Jar of Marbles III - Free to Play) (Version: - )
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs, LLC)
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Ulead ArtTexture.Plugin 1.0 (HKLM-x32\...\Ulead ArtTexture.Plugin 1.0) (Version: - )
Ulead GIF-X.Plugin 2.0 (HKLM-x32\...\Ulead GIF-X.Plugin 2.0) (Version: - )
Ulead Particle.Plugin 1.0 (HKLM-x32\...\Ulead Particle.Plugin 1.0) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WikFonts 1.5.1.2 (HKLM-x32\...\WikFonts_1.5.1.2_is1) (Version: 1 - WikMail.com)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20C32223-3BAC-4209-9ECB-5B3DA9FE6C22} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {4934DE90-72F7-43BD-96E1-83C16DF54E43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6CABEBA4-CE7F-4970-914F-732DDC2E9B8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-28] (HP Inc.)
Task: {82CB2FFC-AAB4-4494-AD13-A813CD20318B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {DBFC5F69-9871-4D0B-ABE9-FE5B915C98D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F3957B62-6ECC-4919-883E-21830E80978F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-28] (HP Inc.)
Task: {FA219EF0-3BA8-461B-AEDA-C1267AD4056D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAudio User.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Audio User\AppData\Local\ba75\5e9c.lnk -> C:\Users\Audio User\AppData\Local\ba75\88f9.bat (No File)
Shortcut: C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2016-01-25 09:59 - 2015-10-13 13:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-17 10:18 - 2013-07-29 19:38 - 00463360 _____ () C:\Program Files\Path Copy Copy\PCC64.dll
2014-07-28 04:39 - 2011-05-05 16:36 - 00022528 _____ () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-07-28 04:39 - 2011-05-05 16:36 - 01479680 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-07-28 04:39 - 2011-05-05 16:36 - 00977408 _____ () C:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-07-28 04:39 - 2011-05-05 16:36 - 01053696 _____ () C:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-07-28 04:39 - 2011-05-05 16:36 - 00155136 _____ () C:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2015-01-28 07:38 - 2015-01-28 07:38 - 00233472 _____ () C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe
2015-08-08 17:35 - 2015-04-23 09:47 - 00456176 _____ () C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2015-10-31 03:21 - 2015-10-31 03:22 - 13078440 _____ () C:\Users\Audio User\Downloads\Incredimail\IncrediMailSetup.exe
2014-04-01 19:38 - 2014-04-01 19:38 - 00802816 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\tide.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 01198592 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoFoundation.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00745472 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\CFLite.dll
2014-04-01 19:38 - 2014-04-01 19:38 - 00059904 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\zlib1.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 01234944 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\libxml2.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00126976 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\libproxy.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00196608 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\app\1.3.1-beta\tideapp.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00290816 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoUtil.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00511488 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoXML.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00098304 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\codec\1.3.1-beta\tidecodec.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00223232 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoZip.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00139264 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\database\1.3.1-beta\tidedatabase.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00294912 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoData.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00570368 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoSQLite.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00180224 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\filesystem\1.3.1-beta\tidefilesystem.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00075776 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\media\1.3.1-beta\tidemedia.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00086016 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\monkey\1.3.1-beta\tidemonkey.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00368640 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\network\1.3.1-beta\tidenetwork.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00642048 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\PocoNet.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00052224 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\platform\1.3.1-beta\tideplatform.dll
2014-04-01 19:37 - 2014-04-01 19:37 - 00688128 _____ () C:\Program Files (x86)\HughesNet Status Meter\runtime\1.3.1-beta\cairo.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00217088 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\process\1.3.1-beta\tideprocess.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00319488 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\ui\1.3.1-beta\tideui.dll
2014-04-01 19:40 - 2014-04-01 19:40 - 00061440 _____ () C:\Program Files (x86)\HughesNet Status Meter\modules\worker\1.3.1-beta\tideworker.dll
2015-06-02 11:18 - 2015-06-02 11:18 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-01-17 10:18 - 2013-07-29 19:39 - 00375808 _____ () C:\Program Files\Path Copy Copy\PCC32.dll
2016-07-09 02:11 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-09 02:11 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-09 02:11 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-09 02:11 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-09 02:11 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-20 07:53 - 2007-09-13 14:58 - 00292168 _____ () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\PsiClient.dll
2015-12-02 12:58 - 2015-11-16 14:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [176]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-07-20 12:34 - 00450767 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1   localhost127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   1000gratisproben.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   10sek.com
127.0.0.1   www.10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   123fporn.info
127.0.0.1   www.123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com
127.0.0.1   123moviedownload.com
127.0.0.1   www.123moviedownload.com

There are 15461 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: Media Center 19 Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: ProtexisLicensing => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: vToolbarUpdater14.0.1 => 2
MSCONFIG\startupfolder: C:^Users^Audio User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe => C:\Windows\pss\PowerReg Scheduler.exe.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Box Edit => C:\Users\Audio User\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\Users\Audio User\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
MSCONFIG\startupreg: CucusoftNetGuard => "C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe" /boot
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: Facebook Update =>
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSCONFIG\startupreg: HughesNetStatusMeter => "C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\Windows\system32\MAFWTray.exe
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files (x86)\Fellowes\MediaFACE 4.2\SetHook.exe
MSCONFIG\startupreg: MediaFire Tray => "C:\Users\Audio User\AppData\Local\MediaFire Desktop\mf_watch.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8E3F7B6A-1CFB-4156-AB42-2E25586D4E5F}C:\program files (x86)\singularity\slvoice.exe] => (Allow) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [UDP Query User{1FD5FE05-28DF-4640-83D4-2376B9413E9A}C:\program files (x86)\singularity\slvoice.exe] => (Allow) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [{EBD8F952-8071-42CF-A83A-993963D74F8A}] => (Block) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [{76294E70-7C8F-4F9B-855F-FC4FD9740FFF}] => (Block) C:\program files (x86)\singularity\slvoice.exe
FirewallRules: [TCP Query User{B3FD51A9-5391-49E6-A312-AE0E0132C77A}C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe
FirewallRules: [UDP Query User{398DCE24-7E59-4F97-99F8-73F10B82DB70}C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.x64.exe
FirewallRules: [TCP Query User{0ECA8386-1AD4-4732-91BD-49271DEEA493}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [UDP Query User{DEC97D05-14B7-41EC-BE91-5ED7A5C75776}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [TCP Query User{D0BABFB1-08DC-4599-8CC2-853D5928F122}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [UDP Query User{BEEB56D6-1F63-4166-BE38-70F7E0D708FE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe
FirewallRules: [TCP Query User{71BD7307-3C2C-43CF-A8DE-D09E024C339D}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [UDP Query User{F8A210B9-7DF0-4F45-BF2F-99C13D3362C1}C:\program files\singularityalpha\slvoice.exe] => (Allow) C:\program files\singularityalpha\slvoice.exe
FirewallRules: [{5FE466C0-C0D4-40F0-A088-A6CCCCD72E1D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F7AFE0A4-A416-4AB5-8622-63F17FE8F35F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{77DF6586-665F-44A5-ABCB-60EE05A5F8F7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CF15CDD-E582-423F-AD93-6AF7D02D90E9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{EAE21488-9FEE-4942-B715-1E1C4458CE75}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C698C698-B0BF-44FE-B7A5-BB66F98853C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2854E073-511B-4AD0-A8F5-9825BF33F09C}] => (Allow) LPort=9322
FirewallRules: [{B09EB2B5-7105-4034-AEAA-31AC56C38201}] => (Allow) LPort=5353
FirewallRules: [{AE9E39F4-130D-41D5-A2F1-37A16F47E97B}] => (Allow) LPort=9322
FirewallRules: [{D4AA43ED-52D6-4365-BC7B-95F113795DD1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2736EF24-BB95-4B3B-9AF0-CAA1441994FB}] => (Allow) LPort=2869
FirewallRules: [{6EFE16ED-6A37-45A3-ADFD-128296A81E27}] => (Allow) LPort=1900
FirewallRules: [{9AC82F8F-591F-4B03-9723-ABDD00B811D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{69884C28-D093-4F11-AF9E-1DC1632F2210}] => (Allow) J:\MY DOWNLOADS FROM C- DRIVE\IM Content\incredimail_install.exe
FirewallRules: [{9EA9C0EB-4B73-4460-8D56-25484169618E}] => (Allow) J:\MY DOWNLOADS FROM C- DRIVE\IM Content\incredimail_install.exe
FirewallRules: [{CA912A8F-BEDB-41C8-B136-3FE8D77F2187}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{735D0557-A0A4-402F-ACF5-072BE8F8ABC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-07-2016 11:36:05 AA11
19-07-2016 11:36:51 AA11
20-07-2016 11:32:04 JRT Pre-Junkware Removal
20-07-2016 12:33:22 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Internet Access Server
Description: Internet Access Server
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2016 12:33:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {97e10b8c-e0b6-4f0a-86fc-b3902ab7b0dc}

Error: (07/18/2016 04:11:50 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (07/18/2016 04:08:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (07/17/2016 11:28:37 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0x80070005
Partial Pkey=7HKHR
ACID=?
Detailed Error[?]

Error: (07/17/2016 11:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ekdiscovery.exe, version: 5.4.6.3, time stamp: 0x4c815873
Faulting module name: ekdiscovery.exe, version: 5.4.6.3, time stamp: 0x4c815873
Exception code: 0xc0000005
Fault offset: 0x0000b9f9
Faulting process id: 0xbf4
Faulting application start time: 0xekdiscovery.exe0
Faulting application path: ekdiscovery.exe1
Faulting module path: ekdiscovery.exe2
Report Id: ekdiscovery.exe3

Error: (07/17/2016 10:09:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1f24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2016 10:09:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x1850
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/17/2016 08:56:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Allpcoptimizer.exe, version: 2.0.0.1, time stamp: 0x57469eb4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x2b30
Faulting application start time: 0xAllpcoptimizer.exe0
Faulting application path: Allpcoptimizer.exe1
Faulting module path: Allpcoptimizer.exe2
Report Id: Allpcoptimizer.exe3

Error: (07/17/2016 08:56:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Allpcoptimizer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at WinPCOptimizer.App.Main()

Error: (07/17/2016 08:49:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QuickCleanerUS2.exe, version: 1.0.0.0, time stamp: 0x572afa3a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x2e2c
Faulting application start time: 0xQuickCleanerUS2.exe0
Faulting application path: QuickCleanerUS2.exe1
Faulting module path: QuickCleanerUS2.exe2
Report Id: QuickCleanerUS2.exe3

System errors:
=============
Error: (07/20/2016 01:41:16 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.225.1908.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.9.0218.00

   Source Path: 4.9.0218.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (07/20/2016 12:34:59 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.225.1908.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.9.0218.00

   Source Path: 4.9.0218.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/20/2016 12:33:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2014-09-11 15:51:30.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 14:16:06.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 09:40:32.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 06:42:44.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-11 06:30:25.361
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 11:13:06.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 10:41:08.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 07:59:08.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-10 07:18:40.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-08 06:53:52.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Cucusoft\NetGuard\BandwidthGuard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 43%
Total physical RAM: 6134.87 MB
Available physical RAM: 3455.96 MB
Total Virtual: 12567.93 MB
Available Virtual: 9669 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:239.58 GB) (Free:128.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.78 GB) (Free:0.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Fixed) (Total:0.11 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (MY BOOK) (Fixed) (Total:298.01 GB) (Free:94.8 GB) FAT32
Drive k: (Graphics) (Fixed) (Total:209.1 GB) (Free:135.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 580F697D)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=117 MB) - (Type=42)
Partition 3: (Not Active) - (Size=82 MB) - (Type=42)
Partition 4: (Not Active) - (Size=239.6 GB) - (Type=42)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End of Addition.txt ============================

#8
zep516

Posted 21 July 2016 - 08:39 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Download the enclosed =>

fixlist.txt 647bytes 196 downloads Save it in the location FRST64 is(C:\FRST). Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (C:\FRST) (Fixlog.txt). Please post it to your reply.

Next

Please run a Combofix scan,
You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

Please post the Log from Combofix

Combofix usuage guide
http://www.bleepingc...to-use-combofix

#9
Icey1950

Posted 22 July 2016 - 07:41 AM

Member

Topic Starter
Member
49 posts

Hi Zep516,

Thanks again for your time..

Icey

Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Audio User (administrator) on AUDIOUSER-PC (22-07-2016 08:15:19)
Running from C:\FRST
Loaded Profiles: Audio User (Available Profiles: Audio User & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
() C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
() C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlsInterface.exe
() C:\Windows\SysWOW64\PSIService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\Spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\...\Run: [HughesNetStatusMeter] => C:\Program Files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe [233472 2015-01-28] ()
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ADVENT~1.SCR

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1151463B-E31E-4485-BA27-2DBA8FB7D88C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D9A51A99-C084-470B-BBD0-F93A951A34FB}: [DhcpNameServer] 67.142.172.20 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.0.1/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
IE Session Restore: HKU\S-1-5-21-2365759274-3180811660-3926093282-1000 -> is enabled.
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Speed Dial - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2016-07-19]
FF Extension: All Aboard - C:\Users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default\Extensions\@all-aboard-v1 [2016-07-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Profile: C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ColorZilla) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-12-24]
CHR Extension: (Kindle Cloud Launcher) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabgeinondjemaplkkcifnplhcbeeiob [2015-01-07]
CHR Extension: (FVDtab speed dial) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cklafljchoobldkimicddpobdpfkckfp [2016-07-19]
CHR Extension: (AdBlock) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-17]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2016-07-19]
CHR Extension: (Ghostify Hide Geo FREE) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp [2016-07-19]
CHR Extension: (Typing Tutor) - C:\Users\Audio User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppodolbmofkadjlohmiofjladlpfked [2015-01-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [oaocmnfllndpbbmjmniielgaanaifehp] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://Google.com/h?eq=U0EeCFZVBB8SRggbdQhcUgtJRxgUcQAITA0SQwAOeQ8MUhQQGAcbdA0BBAxFGA0FIk0FA1oDB0VXfV5bFElXTwhuL0tdM1wCVFlXM3FNAw=="
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [399096 2016-03-14] (JRiver, Inc.)
R2 MF NTFS Monitor; C:\Users\Audio User\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456176 2015-04-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nlsInterface; C:\Windows\system32\nlsInterface.exe [72192 2009-04-03] (Nalpeiron Ltd.) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [231944 2009-07-29] (Avid Technology, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-04-23] (Windows ® Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S4 NVHDA; no ImagePath
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 08:08 - 2016-07-22 08:08 - 05659291 _____ (Swearware) C:\Users\Audio User\Desktop\ComboFix.exe
2016-07-21 10:05 - 2016-07-21 10:05 - 00002095 _____ C:\Users\Public\Desktop\IncrediBackup.lnk
2016-07-21 10:05 - 2016-07-21 10:05 - 00000000 ____D C:\Program Files (x86)\IncrediBackup
2016-07-21 10:04 - 2016-07-21 11:35 - 00000000 ____D C:\Program Files (x86)\Nucleus Kernel IncrediMail Evaluation version
2016-07-21 08:59 - 2016-07-21 08:59 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
2016-07-21 08:59 - 2016-07-21 08:59 - 00002061 _____ C:\Users\Public\Desktop\IncrediMail.lnk
2016-07-21 08:29 - 2016-07-21 08:40 - 00000000 ____D C:\Users\Audio User\Downloads\GEEKSTOGO LOGS
2016-07-20 20:36 - 2016-07-22 07:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 20:36 - 2016-07-20 20:36 - 00001170 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-20 20:36 - 2016-07-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-20 20:36 - 2016-07-20 20:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 20:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-20 20:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-20 20:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-20 12:07 - 2016-07-22 08:15 - 00000000 ____D C:\FRST
2016-07-20 11:31 - 2016-07-20 11:31 - 01610560 _____ (Malwarebytes) C:\Users\Audio User\Downloads\JRT.exe
2016-07-19 11:42 - 2016-07-19 11:42 - 03143496 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Audio User\Downloads\AVG_Protection_Free_1599.exe.part
2016-07-19 11:40 - 2016-07-19 11:40 - 02135856 _____ C:\Users\Audio User\Downloads\Adaware_Installer.exe.part
2016-07-19 10:33 - 2016-07-19 10:40 - 00000000 ____D C:\Users\Audio User\AppData\Local\Mozilla
2016-07-19 10:33 - 2016-07-19 10:34 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Mozilla
2016-07-19 10:33 - 2016-07-19 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-19 10:21 - 2016-07-19 10:23 - 48521840 _____ C:\Users\Audio User\Downloads\Firefox Setup 47.0.1.exe
2016-07-19 10:21 - 2016-07-19 10:21 - 00000000 ____D C:\ProgramData\Lavasoft
2016-07-18 09:06 - 2016-07-19 10:33 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-18 04:02 - 2016-07-18 04:02 - 00149544 _____ C:\Users\Audio User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-18 03:49 - 2016-07-18 03:49 - 00008192 ___SH C:\Users\Audio User\AppData\Roaming\Thumbs.db
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\sypd
2016-07-17 11:22 - 2016-07-17 11:22 - 00000000 ____D C:\Windows\system32\jise
2016-07-17 11:16 - 2016-07-17 11:16 - 00002808 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-17 07:49 - 2016-07-17 07:50 - 00002090 _____ C:\Users\Audio\Local State
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio\Default
2016-07-17 07:42 - 2016-07-17 07:50 - 00000000 ____D C:\Users\Audio
2016-07-17 07:42 - 2016-07-17 07:49 - 00000000 ____D C:\Users\Audio\ShaderCache
2016-07-16 11:46 - 2016-07-16 11:46 - 00000000 ____D C:\Camouflage
2016-07-14 01:27 - 2016-07-14 01:27 - 20466368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 02:24 - 2016-07-13 02:58 - 00000746 _____ C:\LoadLogTextFormat.txt
2016-07-13 02:22 - 2016-07-13 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlphaPlugins
2016-07-13 02:22 - 2004-10-03 17:41 - 00167936 _____ (Panopticum,LLC. Maxim Chernousov, [email protected], [email protected].) C:\Windows\SysWOW64\Engine3D.dll
2016-07-12 05:44 - 2016-07-12 05:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-11 16:48 - 2016-07-11 16:48 - 00102559 _____ C:\Windows\4f8c888a28369b10018fca3f3d082720.exe
2016-07-11 16:48 - 2016-07-11 16:48 - 00079952 _____ C:\Windows\system32\Drivers\dc23c7a24c6f29a668d251d65fd47b3f.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-09 21:41 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-09 21:41 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-09 21:41 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-09 21:41 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-09 21:41 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-09 21:41 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-09 21:41 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-09 21:41 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-09 21:41 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-09 21:41 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-09 21:41 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-09 21:41 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-09 21:41 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-09 21:38 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-09 21:38 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-09 21:38 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-09 21:38 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-09 21:38 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-09 21:38 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-09 21:38 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-09 21:38 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-09 21:38 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-09 21:38 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-09 21:38 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-09 21:38 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-09 21:38 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-09 21:38 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-09 21:38 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-09 21:38 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-09 21:38 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-09 21:37 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-09 21:37 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-09 21:37 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-09 21:37 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-09 21:37 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-09 21:37 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-09 21:37 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-09 21:37 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-09 21:37 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-09 21:37 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-09 21:37 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-09 21:37 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-09 21:37 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-09 21:37 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-09 21:37 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-09 21:37 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-09 21:37 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-09 21:37 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-09 21:37 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-09 21:37 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-09 21:37 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-09 21:37 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-09 21:37 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-09 21:37 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-09 21:37 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-09 21:37 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-09 21:37 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-09 21:37 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-09 21:37 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-09 21:37 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-09 21:37 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-09 21:37 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-09 21:37 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-09 21:37 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-09 21:37 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-09 21:37 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-09 21:37 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-09 21:35 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-09 21:35 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-09 21:35 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-09 21:35 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-09 21:35 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-09 21:35 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-09 21:35 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-09 21:34 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-09 21:34 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-09 21:34 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-09 21:34 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-09 21:34 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-09 21:34 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-09 21:34 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-09 21:34 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-09 21:34 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-09 21:34 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-07-09 21:34 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-07-09 21:33 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-09 21:33 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-09 21:33 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-09 21:33 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-09 21:33 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-09 21:33 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-09 21:33 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-09 21:33 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-09 21:33 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-09 21:33 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-09 21:33 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-09 21:33 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-07-09 21:33 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-07-09 21:33 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-07-09 21:33 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-07-09 21:33 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-07-09 21:33 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-07-09 21:33 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-07-09 21:33 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-07-09 21:33 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-07-09 21:33 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-07-09 21:33 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-07-09 21:33 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-07-09 21:32 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-09 21:32 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-09 21:32 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-09 21:32 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-09 21:32 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-09 21:32 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-09 21:32 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-09 21:32 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-09 21:32 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-09 21:32 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-09 21:32 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-09 21:32 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-09 21:32 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-09 21:32 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-09 21:32 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-09 21:31 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-09 21:31 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-09 21:31 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-09 21:31 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-09 21:31 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-07-09 21:31 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-07-09 21:31 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-09 21:28 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-09 21:28 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-09 21:28 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-09 21:28 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-09 21:28 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-09 21:28 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-09 21:28 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-09 21:28 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-09 21:28 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-09 21:28 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-09 21:28 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-09 21:28 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-09 21:28 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-09 21:27 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-09 21:27 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-09 02:51 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-09 02:27 - 2016-06-29 18:55 - 00000853 _____ C:\Windows\system32\Drivers\etc\hosts.20160709-022745.backup
2016-07-09 02:12 - 2016-07-09 02:12 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-07-09 02:11 - 2016-07-18 09:06 - 00001443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-18 09:05 - 00001431 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-07-09 02:11 - 2016-07-09 02:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2016-07-09 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-09 02:11 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-07-08 21:54 - 2016-07-08 21:55 - 00000000 ____D C:\Splat
2016-07-07 23:02 - 2016-07-07 23:02 - 13076440 _____ C:\Users\Audio User\Downloads\IncrediMailSetup.exe
2016-07-05 22:08 - 2016-07-05 22:08 - 00000011 _____ C:\Windows\3DShadow.INI
2016-07-05 21:59 - 2016-07-05 21:59 - 00000000 ____D C:\Program Files (x86)\Lokas
2016-07-05 01:37 - 2016-07-07 20:09 - 00000000 ____D C:\Users\Audio User\AppData\Local\ba75
2016-07-05 01:37 - 2016-07-05 01:37 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\e609
2016-06-30 21:26 - 2016-07-21 10:28 - 00000000 ____D C:\Users\Audio User\Documents\Incredimail
2016-06-29 19:01 - 2016-07-21 09:44 - 00000000 ____D C:\Users\Audio User\Documents\CCleaner backups
2016-06-29 18:26 - 2016-06-29 18:26 - 00000000 ____D C:\Program Files\Reason
2016-06-28 20:01 - 2016-06-28 20:01 - 06569088 _____ (Tim Kosse) C:\Users\Audio User\Downloads\FileZilla_3.19.0_win64-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-22 08:04 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-22 08:04 - 2009-07-14 00:45 - 00025872 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-22 07:55 - 2016-02-11 09:09 - 00000000 ____D C:\ProgramData\Kodak
2016-07-22 07:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-21 11:36 - 2014-03-17 22:56 - 00000000 ____D C:\Program Files (x86)\Trillian
2016-07-21 11:35 - 2014-01-10 00:39 - 00000000 ____D C:\ProgramData\TEMP
2016-07-21 10:25 - 2015-10-17 23:19 - 00000000 ____D C:\Users\Audio User\Documents\My PSP Files
2016-07-21 10:25 - 2013-10-12 02:22 - 00004704 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2016-07-21 10:25 - 2013-10-12 02:22 - 00000000 ____D C:\Users\Audio User\AppData\Local\Corel
2016-07-21 10:05 - 2015-08-25 00:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediBackup
2016-07-21 10:03 - 2015-08-25 00:47 - 00000000 ____D C:\Users\Audio User\Downloads\Incredimail
2016-07-21 09:17 - 2015-04-22 06:21 - 00000000 ____D C:\Users\Audio User\Downloads\WEB TOOLS
2016-07-21 08:59 - 2014-01-17 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
2016-07-21 08:59 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-21 08:58 - 2014-01-17 08:02 - 00000000 ____D C:\Program Files (x86)\IncrediMail
2016-07-20 12:37 - 2016-03-28 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-20 12:37 - 2016-01-02 21:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-20 12:37 - 2016-01-02 21:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-20 12:34 - 2014-03-28 18:25 - 00000000 ____D C:\Users\Audio User\AppData\LocalLow\Temp
2016-07-20 11:59 - 2013-11-23 20:55 - 00000000 ____D C:\AdwCleaner
2016-07-19 10:56 - 2015-11-03 02:41 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Professional Edition 9.1
2016-07-19 10:33 - 2016-06-10 01:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-19 10:24 - 2014-06-02 05:32 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Brave Giant
2016-07-19 10:02 - 2014-07-01 04:24 - 00000000 ____D C:\Windows\Evil Pumpkin - The Lost Halloween
2016-07-19 10:02 - 2013-09-20 01:59 - 00000000 ____D C:\Users\Audio User\AppData\Local\Apps\2.0
2016-07-18 09:06 - 2016-04-13 17:12 - 00001506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-07-18 09:06 - 2016-04-06 22:12 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 4.lnk
2016-07-18 09:06 - 2016-02-02 04:29 - 00002227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
2016-07-18 09:06 - 2016-01-02 21:06 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-18 09:06 - 2015-12-17 08:25 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 5.lnk
2016-07-18 09:06 - 2015-10-31 03:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-18 09:06 - 2015-09-16 16:25 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
2016-07-18 09:06 - 2015-07-14 16:01 - 00002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-18 09:06 - 2015-06-12 09:58 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Nature Manual.lnk
2016-07-18 09:06 - 2014-02-12 04:25 - 00002665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipsePalette.lnk
2016-07-18 09:06 - 2014-02-01 07:47 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2016-07-18 09:06 - 2014-01-31 23:50 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenofex 2 Manual.lnk
2016-07-18 09:06 - 2014-01-30 17:58 - 00001488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
2016-07-18 09:06 - 2014-01-30 17:55 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:54 - 00001306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:52 - 00001563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-07-18 09:06 - 2014-01-30 17:52 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-07-18 09:06 - 2014-01-28 11:41 - 00000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5 Impact Manual.lnk
2016-07-18 09:06 - 2014-01-25 21:18 - 00000892 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eye Candy 5.0 Textures Manual.lnk
2016-07-18 09:06 - 2014-01-17 11:26 - 00001752 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PowerArchiver.lnk
2016-07-18 09:06 - 2013-09-19 05:49 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-18 09:06 - 2013-09-19 05:49 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-18 09:06 - 2013-09-19 04:31 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-18 09:06 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-18 09:06 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-18 09:06 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-18 09:06 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-18 09:05 - 2016-03-11 06:55 - 00002378 _____ C:\Users\Public\Desktop\Play Living Legends - Bound by Wishes Collectors Edition.lnk
2016-07-18 09:05 - 2016-03-05 05:17 - 00002376 _____ C:\Users\Public\Desktop\Play Myths of the World - Spirit Wolf Collectors Edition.lnk
2016-07-18 09:05 - 2016-02-03 07:10 - 00001118 _____ C:\Users\Audio User\Desktop\AMP Font Viewer.lnk
2016-07-18 09:05 - 2016-01-24 06:26 - 00001465 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-18 09:05 - 2016-01-20 05:58 - 00002283 _____ C:\Users\Public\Desktop\Play Haunted Hotel - Phoenix Collectors Edition.lnk
2016-07-18 09:05 - 2015-12-06 03:29 - 00002101 _____ C:\Users\Audio User\Desktop\DAZ Install Manager.lnk
2016-07-18 09:05 - 2014-03-30 16:05 - 00001161 _____ C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2016-07-18 05:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-18 04:48 - 2014-01-27 15:18 - 00000000 ____D C:\Users\Audio User\Documents\ADDRESSES
2016-07-18 04:19 - 2013-11-12 02:19 - 00000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2016-07-18 04:14 - 2013-09-20 16:50 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-07-17 12:37 - 2014-07-09 22:33 - 00000000 ____D C:\Windows\Haunted Hotel 6- Ancient Bane Collector's Edition
2016-07-17 12:05 - 2013-09-26 22:31 - 00000000 ____D C:\Program Files (x86)\J River
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cool VL Viewer
2016-07-17 12:03 - 2013-11-12 02:17 - 00000000 ____D C:\Program Files (x86)\CoolVLViewer-1.26.10
2016-07-17 11:28 - 2013-09-19 04:18 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\DNSAPI.dll
2016-07-17 11:24 - 2016-03-24 15:28 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForAudio User.job
2016-07-17 11:23 - 2013-09-19 04:18 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-07-17 11:20 - 2015-12-04 05:52 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-07-17 11:16 - 2015-06-16 21:31 - 00000000 ____D C:\Users\Audio User\AppData\Local\CrashDumps
2016-07-17 08:13 - 2015-03-31 16:02 - 00000000 ____D C:\Program Files (x86)\Screen Calipers 4.0
2016-07-17 07:28 - 2013-09-20 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-07-17 05:12 - 2009-07-14 00:45 - 05137440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-16 15:18 - 2016-01-05 18:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-16 14:06 - 2015-04-11 22:19 - 00000000 ____D C:\Users\Audio User\Downloads\Font
2016-07-16 12:06 - 2016-01-29 06:31 - 00000000 ____D C:\Users\Audio User\Downloads\Plugins
2016-07-14 01:28 - 2016-01-02 13:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 01:28 - 2016-01-02 13:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 02:27 - 2013-09-19 07:16 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 02:22 - 2013-09-20 13:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-13 00:50 - 2009-07-14 01:13 - 00835878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 05:44 - 2014-07-21 17:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-12 05:44 - 2014-07-21 17:06 - 00000000 ____D C:\ProgramData\Skype
2016-07-12 04:21 - 2015-10-10 18:08 - 00000000 ____D C:\Users\Audio User\AppData\Local\IM
2016-07-12 03:43 - 2013-09-25 22:17 - 00000000 ____D C:\Users\Audio User\AppData\Local\ElevatedDiagnostics
2016-07-11 22:26 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-07-10 23:55 - 2011-04-12 04:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-10 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-10 02:50 - 2013-09-19 04:59 - 00000000 ____D C:\Windows\system32\MRT
2016-07-10 02:36 - 2013-09-19 04:59 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-10 02:34 - 2013-09-20 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-10 02:32 - 2013-09-20 11:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 02:19 - 2013-10-24 17:21 - 00812600 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-10 02:00 - 2014-03-29 19:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-09 21:02 - 2015-04-18 02:02 - 00000000 ____D C:\Users\Audio User\Downloads\Alien Skin
2016-07-09 02:27 - 2009-07-13 22:34 - 00450732 ____R C:\Windows\system32\Drivers\etc\hp.bak
2016-07-09 01:36 - 2013-09-20 11:37 - 00000000 ____D C:\Windows\pss
2016-07-08 22:02 - 2014-01-25 21:13 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Alien Skin
2016-07-07 20:16 - 2015-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-07 00:11 - 2015-11-09 02:08 - 00000000 ____D C:\Users\Audio User\Downloads\Coloring Books
2016-07-06 21:13 - 2015-04-22 04:40 - 00000000 ____D C:\Users\Audio User\Downloads\Photoshop
2016-07-06 20:39 - 2010-11-20 23:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 21:59 - 2015-10-11 13:06 - 00044544 ____N C:\Windows\AWuninstall.exe
2016-07-05 21:24 - 2014-01-28 11:41 - 00000000 ____D C:\Alien Skin
2016-07-05 21:24 - 2014-01-25 21:18 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2016-07-05 20:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-07-04 00:34 - 2013-09-19 04:32 - 00001945 _____ C:\Windows\epplauncher.mif
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-04 00:33 - 2013-09-19 04:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-07-02 23:50 - 2013-09-19 07:17 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Adobe
2016-07-02 21:32 - 2013-10-12 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro Photo X2
2016-07-02 16:28 - 2016-01-05 17:04 - 00000000 ____D C:\Users\Audio User\Desktop\JES PLUGIN LESSONS
2016-06-30 22:21 - 2016-06-06 00:03 - 00000000 ____D C:\Users\Audio User\Desktop\PLETHORA LESSONS
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 __HDC C:\ProgramData\{83F263BF-0076-4C4C-93DC-A3EA0CEB7184}
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 __HDC C:\ProgramData\{63B3AF69-722B-4FA9-965F-94DEB1E78796}
2016-06-29 20:26 - 2016-06-20 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2016-06-29 20:26 - 2016-06-20 02:13 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2016-06-29 20:26 - 2016-02-12 16:21 - 00000000 ____D C:\Users\Audio User\AppData\Local\Eastman_Kodak_Company
2016-06-29 20:26 - 2014-05-25 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Galaxy
2016-06-29 20:26 - 2014-02-20 14:48 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WD Diagnostics
2016-06-29 20:26 - 2013-09-19 03:04 - 00000000 ____D C:\Users\Audio User
2016-06-28 22:14 - 2014-07-10 22:04 - 00000756 _____ C:\Windows\nvrph.ini
2016-06-28 20:04 - 2014-01-21 19:16 - 00000000 ____D C:\Users\Audio User\AppData\Roaming\FileZilla
2016-06-26 10:04 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-24 15:01 - 2015-09-25 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PluginsGalaxy

==================== Files in the root of some directories =======

2014-08-15 07:01 - 2015-11-09 01:05 - 0000363 _____ () C:\Program Files (x86)\RecentPlaces.lnk
2014-02-12 02:53 - 2015-01-16 14:50 - 0000132 _____ () C:\Users\Audio User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-07-18 03:49 - 2016-07-18 03:49 - 0008192 ___SH () C:\Users\Audio User\AppData\Roaming\Thumbs.db
2015-04-04 00:13 - 2015-10-10 21:19 - 0004608 _____ () C:\Users\Audio User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-14 10:33 - 2016-03-17 18:10 - 0010374 _____ () C:\Users\Audio User\AppData\Local\installer.log
2013-11-10 06:39 - 2013-11-10 06:39 - 0000080 _____ () C:\Users\Audio User\AppData\Local\X-Plane Installer.prf
2013-11-10 06:37 - 2013-11-10 06:37 - 0000046 _____ () C:\Users\Audio User\AppData\Local\x-plane_install_10.txt
2016-02-22 20:42 - 2016-02-22 20:42 - 0000000 _____ () C:\Users\Audio User\AppData\Local\{E2817094-16B9-441C-A0CA-D72AEC9E0246}
2013-10-06 05:45 - 2016-02-02 04:41 - 0000512 _____ () C:\ProgramData\HPWALog.txt

Some files in TEMP:
====================
C:\Users\Audio User\AppData\Local\Temp\parctmp.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-07 07:12

==================== End of FRST.txt ============================

ComboFix 16-07-16.01 - Audio User 07/22/2016   9:11.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.4042 [GMT -4:00]
Running from: c:\users\Audio User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe
c:\windows\4f8c888a28369b10018fca3f3d082720.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
K:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-06-22 to 2016-07-22 )))))))))))))))))))))))))))))))
.
.
2016-07-21 14:05 . 2016-07-21 14:05   --------   d-----w-   c:\program files (x86)\IncrediBackup
2016-07-21 14:04 . 2016-07-21 15:35   --------   d-----w-   c:\program files (x86)\Nucleus Kernel IncrediMail Evaluation version
2016-07-21 00:36 . 2016-07-22 13:27   192216   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-21 00:36 . 2016-07-21 00:36   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2016-07-21 00:36 . 2016-03-10 18:09   64896   ----a-w-   c:\windows\system32\drivers\mwac.sys
2016-07-21 00:36 . 2016-03-10 18:08   140672   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2016-07-21 00:36 . 2016-03-10 18:08   27008   ----a-w-   c:\windows\system32\drivers\mbam.sys
2016-07-20 16:07 . 2016-07-22 12:19   --------   d-----w-   C:\FRST
2016-07-17 15:22 . 2016-07-17 15:22   --------   d-----w-   c:\windows\system32\sypd
2016-07-17 15:22 . 2016-07-17 15:22   --------   d-----w-   c:\windows\system32\jise
2016-07-17 11:42 . 2016-07-17 11:50   --------   d-----w-   c:\users\Audio
2016-07-16 15:46 . 2016-07-16 15:46   --------   d-----w-   C:\Camouflage
2016-07-14 05:27 . 2016-07-14 05:27   20466368   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-07-13 06:22 . 2004-10-03 21:41   167936   ----a-w-   c:\windows\SysWow64\Engine3D.dll
2016-07-12 09:44 . 2016-07-12 09:44   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2016-07-11 20:48 . 2016-07-11 20:48   79952   ----a-w-   c:\windows\system32\drivers\dc23c7a24c6f29a668d251d65fd47b3f.sys
2016-07-10 01:38 . 2016-05-13 22:15   382184   ----a-w-   c:\windows\system32\atmfd.dll
2016-07-10 01:37 . 2016-05-20 22:18   49664   ----a-w-   c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2016-07-10 01:35 . 2015-11-13 23:09   91648   ----a-w-   c:\windows\system32\mapistub.dll
2016-07-10 01:34 . 2016-03-17 22:56   2084864   ----a-w-   c:\windows\system32\ole32.dll
2016-07-10 01:33 . 2016-04-09 07:01   986344   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2016-07-10 01:32 . 2015-12-08 19:07   624640   ----a-w-   c:\windows\system32\qedit.dll
2016-07-10 01:31 . 2016-01-22 06:02   290816   ----a-w-   c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-07-10 01:28 . 2016-04-09 07:01   5546216   ----a-w-   c:\windows\system32\ntoskrnl.exe
2016-07-10 01:27 . 2016-04-09 04:20   1230848   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2016-07-10 01:27 . 2016-04-09 03:52   1424896   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2016-07-09 06:51 . 2016-07-09 06:51   --------   d-----w-   c:\program files\Common Files\AV
2016-07-09 06:11 . 2013-09-20 14:49   21040   ----a-w-   c:\windows\system32\sdnclean64.exe
2016-07-09 06:11 . 2016-07-09 06:51   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy 2
2016-07-09 01:54 . 2016-07-09 01:55   --------   d-----w-   C:\Splat
2016-07-06 01:59 . 2016-07-06 01:59   --------   d-----w-   c:\program files (x86)\Lokas
2016-07-05 05:37 . 2016-07-08 00:09   --------   d-----w-   c:\users\Audio User\AppData\Local\ba75
2016-07-05 05:37 . 2016-07-05 05:37   --------   d-----w-   c:\users\Audio User\AppData\Roaming\e609
2016-06-30 11:55 . 2016-06-30 11:55   226488   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-06-29 22:26 . 2016-06-29 22:26   --------   d-----w-   c:\program files\Reason
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-22 13:25 . 2016-07-21 13:01   75888   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467B4DF7-9B7E-46CF-BF1A-3BB5B52B7A41}\offreg.996.dll
2016-07-17 15:28 . 2013-09-19 08:18   357888   ----a-w-   c:\windows\system32\DNSAPI.dll
2016-07-14 05:28 . 2016-01-02 17:49   796352   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 05:28 . 2016-01-02 17:49   142528   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-10 06:36 . 2013-09-19 08:59   142482544   ----a-w-   c:\windows\system32\MRT.exe
2016-07-07 00:39 . 2010-11-21 03:27   485032   ------w-   c:\windows\system32\MpSigStub.exe
2016-07-06 01:59 . 2015-10-11 17:06   44544   ------w-   c:\windows\AWuninstall.exe
2016-07-06 00:25 . 2012-07-17 18:37   24800   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-06-29 23:17 . 2014-02-20 18:48   40960   ----a-r-   c:\users\Audio User\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2016-06-21 22:04 . 2016-07-19 14:21   12007136   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{467B4DF7-9B7E-46CF-BF1A-3BB5B52B7A41}\mpengine.dll
2016-06-21 22:04 . 2016-07-17 12:03   12007136   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-18 11:51 . 2016-07-13 05:03   1167568   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{574355D6-19CC-463D-89AB-DAAFA5D7E5E0}\gapaengine.dll
2016-05-18 11:51 . 2013-10-18 14:58   1167568   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-24 04:47 . 2015-12-27 10:32   97856   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-04-15 8698584]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
R3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys;c:\windows\SYSNATIVE\DRIVERS\mafw.sys [x]
R3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys;c:\windows\SYSNATIVE\MDA_NTDRV.sys [x]
R3 Media Center 21 Service;JRiver Media Center 21 Service;c:\program files (x86)\J River\Media Center 21\JRService.exe;c:\program files (x86)\J River\Media Center 21\JRService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [x]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE;c:\windows\SYSNATIVE\ASTSRV.EXE [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CS_SysMsgProxy;CS_SysMsgProxy;c:\program files\Cucusoft\NetGuard\SysMsgProxySrvc.sys;c:\program files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [x]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MF NTFS Monitor;MediaFire NTFS Monitor;c:\users\AUDIOU~1\AppData\Local\MEDIAF~1\MFUSNM~1.EXE;c:\users\AUDIOU~1\AppData\Local\MEDIAF~1\MFUSNM~1.EXE [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe;c:\windows\SYSNATIVE\nlsInterface.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs   REG_MULTI_SZ     w3svc was
apphost   REG_MULTI_SZ     apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 06:22   1245848   ----a-w-   c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55   322232   ----a-w-   c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-16 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14 05:28]
.
2016-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02 07:15]
.
2016-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-03 01:04]
.
2016-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-03 01:04]
.
2016-07-17 c:\windows\Tasks\HPCeeScheduleForAudio User.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\System32\Spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://192.168.0.1/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 67.142.172.20 8.8.8.8 8.8.4.4
TCP: Interfaces\{1151463B-E31E-4485-BA27-2DBA8FB7D88C}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38909CD8-DB01-4FA6-9635-A91098A84D91}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Audio User\AppData\Roaming\Mozilla\Firefox\Profiles\0qa8by4n.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-HughesNetStatusMeter - c:\program files (x86)\HughesNet Status Meter\HughesNet Status Meter.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-3D Shadow by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow
AddRemove-Artistic Effects by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\Artistic Effects
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ACAE922E-4DEA-021D-5C64-6BBA0DE86BAD}*]
"iamnnplpmmddcbbppb"=hex:6a,61,61,70,6d,6f,64,66,6f,6a,6f,67,6e,6a,69,65,62,61,
   68,68,00,01
"hacnpbohamegjjmc"=hex:6a,61,61,70,6d,6f,64,66,6f,6a,6f,67,6e,6a,69,65,62,61,
   68,68,00,ff
"hajkjkmpmchapkbe"=hex:64,63,66,6a,64,6c,70,63,6c,6d,6f,63,64,6e,6c,61,67,66,
   66,63,61,64,6e,70,63,6a,70,6c,69,63,63,6d,70,61,61,69,66,62,6b,68,6d,6f,69,\
.
[HKEY_USERS\S-1-5-21-2365759274-3180811660-3926093282-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CEDF7DBB-5ACF-E77C-412E-95C128F26E5B}*]
"jagfkgaiefghchfpmoeo"=hex:64,62,68,70,68,70,62,69,61,63,68,65,68,61,63,6a,6b,
   61,61,6c,67,6e,67,6f,63,6e,70,6f,6c,70,63,6d,67,6a,6b,70,6f,6c,62,69,00,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{ACAE922E-4DEA-021D-5C64-6BBA0DE86BAD}\InProcServer32*]
"jaonkdodfhidogjgbaea"=hex:6a,61,61,70,6d,6f,64,66,6f,6a,6f,67,6e,6a,69,65,62,
   61,68,68,00,00
"iaonadihadckfiehbl"=hex:6a,61,61,70,6d,6f,64,66,6f,6a,6f,67,6e,6a,69,65,62,61,
   68,68,00,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_192.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ASTSRV.EXE
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
c:\windows\SysWOW64\PSIService.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2016-07-22 09:34:57 - machine was rebooted
ComboFix-quarantined-files.txt 2016-07-22 13:34
.
Pre-Run: 136,975,896,576 bytes free
Post-Run: 136,394,174,464 bytes free
.
- - End Of File - - A7E5F51EFE644C795419BA9EEF6CB85C
A36C5E4F47E84449FF07ED3517B43A31

#10
zep516

Posted 23 July 2016 - 08:56 AM

Trusted Helper

Malware Removal
8,093 posts

How is the computer doing ?

We may need to reset the browsers.

What browsers do you use ?

Thanks
Joe

#11
Icey1950

Posted 23 July 2016 - 09:27 AM

Member

Topic Starter
Member
49 posts

Hi Joe,

Computer's working well, I uninstalled Firefox and downloaded a new one and installed, it's much better and this is the one I use the most, though I do have Chrome, Opera and of course IE which I rarely use, I play games in Pogo with my sister and Firefox seems to work the best for that. I will do whatever you think is best resetting or installing new browser versions, your sooooo good at what you do...helping people for free sharing your knowledge I can't tell you how much I APPRECIATE you....things are good ..

Have a safe weekend...

Icey

#12
zep516

Posted 23 July 2016 - 09:32 AM

Trusted Helper

Malware Removal
8,093 posts

If there are no further issues then no need to reset browsers.

Your computer is clean now ?

#13
zep516

Posted 23 July 2016 - 08:12 PM

Trusted Helper

Malware Removal
8,093 posts

Uninstall Combofix

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and paste the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

I'll close the topic after this.

#14
Icey1950

Posted 24 July 2016 - 01:38 PM

Member

Topic Starter
Member
49 posts

Hi Joe,

I did as you asked, I copied and pasted as well as typed it in the box and either way it couldn't find it to uninstall it, did I miss something?

Icey ( Laurie )

#15
zep516

Posted 24 July 2016 - 02:30 PM

Trusted Helper

Malware Removal
8,093 posts

Hello,

Make sure the space is there. I'm sure you did though.

Try this below save the file to the desktop and run it.

http://download.blee...s/CF_UNINST.EXE