Jump to content

ShambiSimmons

Honorary Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by ShambiSimmons

  1. *** UPDATE *** MBAM scan as of today. Here are the results. MBAM Log 2015-04-22.txt
  2. Yes. The computer is running 1000% better. I was putting it through its paces to see if the popups would return. So far so good. There are a few updates waiting to be installed but other than that I think we're good. The laptop belongs to a friend of mine and I firmly recommended that she purchase and maintain better antivirus and firewall software (Malwarebytes). Thank You so much for your time and effort. It is greatly appreciated.
  3. I finished the latest Farbar Scan with the Fixlog, fresh reboot. Fixlog.txt
  4. I attached the files from the latest Farbar scan. I'm sorry it took so long. My work schedule is crazy. Addition.txt FRST.txt
  5. ADDITION:: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015 Ran by Tiff at 2015-04-13 21:34:14 Running from C:\Users\Tiff\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - ) <==== ATTENTION! Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog) LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog) Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-02-2015 11:33:06 Windows Update 11-04-2015 08:17:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {053CC159-D21F-437C-8206-5DEE791007CC} - \YTDownloader No Task File <==== ATTENTION Task: {05C54A9C-87B3-4443-B192-D879F80C622C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {062D3B8C-600B-4CB9-8EE3-CB3736078983} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company) Task: {0887C68D-74A2-4E1C-A8F4-0F3C119FA1D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation) Task: {0D5CA32A-B587-43C0-94DB-69E06A099458} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {263BA526-CC06-4E58-9FDC-A9A9709ADFFA} - \YTDownloaderUpd No Task File <==== ATTENTION Task: {41EFE559-DEB8-424F-BC98-59509DD7CCEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {534EBB89-0AC4-4A02-BCDD-85DC4B0FFC41} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {5713DE9D-2A9B-4440-AF5B-D542B6DA85E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated) Task: {5EAA466E-233B-40DC-A943-6EB2C79E7FD5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {68186D3E-44E1-4A7F-AB56-1B76767A1BD1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-27] (Microsoft Corporation) Task: {77F4E65E-A656-4BE4-9211-013BBE4A1B94} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION Task: {7B6C4AA7-8B55-431B-BC38-45DEB8EB1346} - \SMupdate1 No Task File <==== ATTENTION Task: {8D380EFA-5378-4A64-B60F-46F445B497DF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation) Task: {8D3A3128-8FE8-4B2A-B33D-420C24AA1630} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2597059165-3109412761-1012327868-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {BC2463FF-5182-45AA-851D-7FAE66B0D904} - \avaavxvyex No Task File <==== ATTENTION Task: {BE5A6C6C-5218-4114-8D7C-3E93D1A1B08B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated) Task: {C043C5A6-71A1-401F-8AA0-4345BB1CD776} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {C7A16B80-7E51-47D8-8704-92251E9829F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {D613BDAE-1615-497C-920D-2562058A835F} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION Task: {DFA5AF35-9576-4289-9623-6DC816182F1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {F770E077-1C5B-44E2-897D-F41920A4A4E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {FD5325C3-12D4-4F83-A028-E658597A53BE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2013-09-26 14:26 - 2013-09-26 14:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-09-26 14:32 - 2013-09-26 14:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-09-26 14:28 - 2013-09-26 14:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-09-26 14:39 - 2013-09-26 14:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-09-26 14:39 - 2013-09-26 14:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-09-25 09:49 - 2013-09-25 09:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-09-25 09:48 - 2013-09-25 09:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-12-19 05:11 - 2014-05-20 11:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-04-10 21:15 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2013-09-26 14:34 - 2013-09-26 14:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2013-09-25 09:48 - 2013-09-25 09:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-09-25 09:49 - 2013-09-25 09:49 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll 2014-04-22 15:05 - 2013-02-01 14:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll 2014-02-01 17:30 - 2014-02-01 17:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk" ==================== Accounts: ============================= Administrator (S-1-5-21-2597059165-3109412761-1012327868-500 - Administrator - Disabled) Guest (S-1-5-21-2597059165-3109412761-1012327868-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2597059165-3109412761-1012327868-1004 - Limited - Enabled) Tiff (S-1-5-21-2597059165-3109412761-1012327868-1002 - Administrator - Enabled) => C:\Users\Tiff ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 189278265 Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 189278265 Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 03:00:51 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (04/11/2015 03:00:51 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Event provider attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored. Error: (04/11/2015 00:13:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IDVault.exe, version: 1.14.1014.1, time stamp: 0x543d9baa Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0xa84 Faulting application start time: 0xIDVault.exe0 Faulting application path: IDVault.exe1 Faulting module path: IDVault.exe2 Report Id: IDVault.exe3 Faulting package full name: IDVault.exe4 Faulting package-relative application ID: IDVault.exe5 Error: (04/11/2015 00:13:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 11:56:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17324, time stamp: 0x53f834a5 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17041, time stamp: 0x53182120 Exception code: 0xc000027b Fault offset: 0x000000000084ad1a Faulting process id: 0x6ac Faulting application start time: 0xSystemSettings.exe0 Faulting application path: SystemSettings.exe1 Faulting module path: SystemSettings.exe2 Report Id: SystemSettings.exe3 Faulting package full name: SystemSettings.exe4 Faulting package-relative application ID: SystemSettings.exe5 Error: (04/11/2015 11:55:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17324, time stamp: 0x53f834a5 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17041, time stamp: 0x53182120 Exception code: 0xc000027b Fault offset: 0x000000000084ad1a Faulting process id: 0x828 Faulting application start time: 0xSystemSettings.exe0 Faulting application path: SystemSettings.exe1 Faulting module path: SystemSettings.exe2 Report Id: SystemSettings.exe3 Faulting package full name: SystemSettings.exe4 Faulting package-relative application ID: SystemSettings.exe5 Error: (04/11/2015 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IDVault.exe, version: 1.14.1014.1, time stamp: 0x543d9baa Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0x13ec Faulting application start time: 0xIDVault.exe0 Faulting application path: IDVault.exe1 Faulting module path: IDVault.exe2 Report Id: IDVault.exe3 Faulting package full name: IDVault.exe4 Faulting package-relative application ID: IDVault.exe5 System errors: ============= Error: (04/11/2015 04:50:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CGPS Service service failed to start due to the following error: %%2 Error: (04/11/2015 04:50:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BrsHelper service failed to start due to the following error: %%2 Error: (04/11/2015 02:59:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CGPS Service service failed to start due to the following error: %%2 Error: (04/11/2015 02:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BrsHelper service failed to start due to the following error: %%2 Error: (04/11/2015 02:44:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/11/2015 02:44:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/11/2015 02:44:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/11/2015 02:44:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/11/2015 02:44:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/11/2015 02:44:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions: ========================= Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 189278265 Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 189278265 Error: (04/13/2015 09:26:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/11/2015 03:00:51 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (04/11/2015 03:00:51 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement Error: (04/11/2015 00:13:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDVault.exe1.14.1014.1543d9baaKERNELBASE.dll6.3.9600.1727853eeb460e043435200012f71a8401d074726df0f2f9C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\SYSTEM32\KERNELBASE.dllad5b579b-e065-11e4-8269-a02bb85515d1 Error: (04/11/2015 00:13:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 11:56:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SystemSettings.exe6.3.9600.1732453f834a5Windows.UI.Xaml.dll6.3.9600.1704153182120c000027b000000000084ad1a6ac01d0746ff9e23d56C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll5841d433-e063-11e4-8269-a02bb85515d1windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/11/2015 11:55:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SystemSettings.exe6.3.9600.1732453f834a5Windows.UI.Xaml.dll6.3.9600.1704153182120c000027b000000000084ad1a82801d0746a9498f508C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll32afdae5-e063-11e4-8269-a02bb85515d1windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/11/2015 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDVault.exe1.14.1014.1543d9baaKERNELBASE.dll6.3.9600.1727853eeb460e043435200012f7113ec01d074593c6d0157C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\SYSTEM32\KERNELBASE.dll7be5b325-e04c-11e4-8269-a02bb85515d1 CodeIntegrity Errors: =================================== Date: 2015-01-19 23:46:05.584 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:46:05.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:58.771 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:58.506 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:51.943 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:51.646 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 38% Total physical RAM: 3554.07 MB Available physical RAM: 2171.82 MB Total Pagefile: 4194.07 MB Available Pagefile: 2389.42 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:445.12 GB) (Free:409.01 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:19.62 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A9A16C4F) Partition: GPT Partition Type. ==================== End Of Log ============================
  6. Fresh FARBAR and ADDITION Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015 Ran by Tiff (administrator) on BOOP on 13-04-2015 21:30:59 Running from C:\Users\Tiff\Desktop Loaded Profiles: Tiff (Available profiles: Tiff) Platform: Windows 8.1 Connected (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (zik.mu) C:\Program Files\BubbleSound\3D BubbleSound.exe (Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated) HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-12] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {04A8DB8F-8D79-4854-8045-7241EC7B827F} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {104DFC0C-484D-4309-AF29-643E5FFC7537} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {254EE2AF-B26C-4546-91CD-4E884B292062} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {30C97D98-9595-467B-9C7A-EC05FB95A8FF} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {33ED379B-73A7-4D46-BA55-3CC4D2905E89} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {5245F399-812D-42AE-A122-3C6BB9007836} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {54E7A1E7-A06D-4DEC-87BF-61E168B51617} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {71625006-FF93-4812-BBBC-47E5B0FF7C24} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {78D66E11-6437-4AB7-8E87-58EEDB99A9A4} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {887AB2E7-02C1-4F1A-AF09-C020BE80CA9C} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {9109B6C6-AAC0-4051-9168-2BEEE368F642} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {A11B2490-C947-4AA1-B5A3-86D8BF21399F} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {BE9CEC5C-BAB4-49C2-8392-55DD82140ADD} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {CD2114E9-D9EE-4A9E-B5E4-EFDC12E4802E} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {D12F3B0C-3314-4F47-8F3A-460CE41B5020} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {F09DF45A-8909-4382-9DC2-173BF3E4B0ED} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {F5B42D0A-079A-4D0A-8D3F-70E5B73D2512} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-12-16] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.) R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X] S2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 21:30 - 2015-04-13 21:32 - 00016758 _____ () C:\Users\Tiff\Desktop\FRST.txt 2015-04-13 21:30 - 2015-04-13 21:30 - 00000000 ____D () C:\Users\Tiff\Desktop\FRST-OlderVersion 2015-04-11 15:56 - 2015-04-11 15:56 - 00001556 _____ () C:\Users\Tiff\Desktop\Internet Explorer.lnk 2015-04-11 15:26 - 2015-04-13 21:29 - 00000000 ____D () C:\Users\Tiff\Desktop\Malware Removal Files 2015-04-11 14:55 - 2015-04-11 15:02 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-11 14:55 - 2015-04-11 14:55 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-11 14:52 - 2015-04-11 13:55 - 00024064 _____ () C:\Windows\zoek-delete.exe 2015-04-11 13:58 - 2015-04-11 15:03 - 00024024 _____ () C:\zoek-results.log 2015-04-11 13:55 - 2015-04-11 14:45 - 00000000 ____D () C:\zoek_backup 2015-04-11 12:38 - 2015-04-13 21:31 - 00000000 ____D () C:\FRST 2015-04-11 12:35 - 2015-04-13 21:30 - 02096640 _____ (Farbar) C:\Users\Tiff\Desktop\FRST64.exe 2015-04-11 10:26 - 2014-10-10 20:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-11 10:26 - 2014-10-10 20:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-11 10:25 - 2014-10-12 22:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-04-11 10:25 - 2014-10-08 03:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-04-11 10:25 - 2014-10-08 03:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-04-11 10:25 - 2014-10-08 02:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-04-11 10:25 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe 2015-04-11 10:25 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe 2015-04-11 10:24 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll 2015-04-11 10:24 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll 2015-04-11 10:24 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll 2015-04-11 10:24 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll 2015-04-11 10:24 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll 2015-04-11 10:24 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll 2015-04-11 10:24 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll 2015-04-11 10:24 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat 2015-04-11 10:24 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys 2015-04-11 10:24 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-04-11 10:24 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys 2015-04-11 10:24 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys 2015-04-11 10:24 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe 2015-04-11 10:24 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe 2015-04-11 10:24 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2015-04-11 10:24 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll 2015-04-11 10:24 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2015-04-11 10:24 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll 2015-04-11 10:24 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-04-11 10:24 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-04-11 10:24 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll 2015-04-11 10:24 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2015-04-11 10:24 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2015-04-11 10:24 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll 2015-04-11 10:24 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll 2015-04-11 10:24 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2015-04-11 10:24 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll 2015-04-11 10:24 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll 2015-04-11 10:24 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll 2015-04-11 10:24 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll 2015-04-11 10:18 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll 2015-04-11 10:18 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll 2015-04-11 10:18 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll 2015-04-11 10:18 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll 2015-04-11 10:17 - 2014-04-06 12:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll 2015-04-11 10:17 - 2014-04-06 12:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2015-04-11 10:17 - 2014-04-06 12:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2015-04-11 10:17 - 2014-04-06 12:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2015-04-11 10:17 - 2014-04-06 11:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2015-04-11 10:17 - 2014-04-06 11:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2015-04-11 10:17 - 2014-04-06 06:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2015-04-11 10:17 - 2014-03-28 11:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-04-11 10:17 - 2014-03-18 01:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2015-04-11 10:17 - 2014-03-18 00:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2015-04-11 10:17 - 2014-03-17 01:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2015-04-11 10:17 - 2014-03-14 02:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll 2015-04-11 10:17 - 2014-03-14 02:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-04-11 10:16 - 2014-04-18 10:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll 2015-04-11 10:16 - 2014-04-18 05:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll 2015-04-11 10:16 - 2014-04-14 05:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll 2015-04-11 10:16 - 2014-04-14 04:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll 2015-04-11 10:16 - 2014-04-11 00:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2015-04-11 10:16 - 2014-04-11 00:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2015-04-11 10:16 - 2014-04-09 07:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2015-04-11 10:16 - 2014-04-09 02:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2015-04-11 10:16 - 2014-04-09 01:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2015-04-11 10:16 - 2014-04-08 23:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll 2015-04-11 10:16 - 2014-04-07 22:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2015-04-11 10:16 - 2014-04-06 12:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2015-04-11 10:16 - 2014-04-06 12:34 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2015-04-11 10:16 - 2014-04-06 12:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll 2015-04-11 10:16 - 2014-04-06 12:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys 2015-04-11 10:16 - 2014-04-06 12:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-04-11 10:16 - 2014-04-06 12:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-04-11 10:16 - 2014-04-06 11:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll 2015-04-11 10:16 - 2014-04-06 11:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll 2015-04-11 10:16 - 2014-04-06 11:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-04-11 10:16 - 2014-04-06 08:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-11 10:16 - 2014-04-06 08:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-11 10:16 - 2014-04-06 08:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe 2015-04-11 10:16 - 2014-04-06 08:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-11 10:16 - 2014-04-06 08:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-11 10:16 - 2014-04-06 07:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll 2015-04-11 10:16 - 2014-04-06 05:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2015-04-11 10:16 - 2014-04-03 04:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-04-11 10:16 - 2014-04-03 04:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2015-04-11 10:16 - 2014-04-03 00:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-04-11 10:16 - 2014-04-03 00:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2015-04-11 10:16 - 2014-04-02 22:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll 2015-04-11 10:16 - 2014-04-02 22:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll 2015-04-11 10:16 - 2014-03-27 01:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll 2015-04-11 10:16 - 2014-03-27 00:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll 2015-04-11 10:16 - 2014-03-26 23:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll 2015-04-11 10:16 - 2014-03-26 23:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe 2015-04-11 10:16 - 2014-03-19 04:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2015-04-11 10:16 - 2014-03-19 03:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2015-04-11 10:16 - 2014-03-17 00:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2015-04-11 09:54 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe 2015-04-11 09:54 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2015-04-11 09:54 - 2014-05-31 06:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2015-04-11 09:54 - 2014-05-31 06:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2015-04-11 09:54 - 2014-05-31 06:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2015-04-11 09:54 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2015-04-11 09:54 - 2014-05-31 02:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2015-04-11 09:54 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2015-04-11 09:54 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2015-04-11 09:54 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2015-04-11 09:54 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2015-04-11 09:54 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2015-04-11 09:54 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2015-04-11 09:54 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2015-04-11 09:54 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll 2015-04-11 09:54 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll 2015-04-11 09:54 - 2014-05-19 02:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe 2015-04-11 09:54 - 2014-05-19 02:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe 2015-04-11 09:54 - 2014-05-19 01:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe 2015-04-11 09:54 - 2014-05-01 09:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys 2015-04-11 09:54 - 2014-05-01 01:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll 2015-04-11 09:54 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2015-04-11 08:39 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-04-11 08:39 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-04-11 08:39 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-04-11 08:39 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-04-11 08:39 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-04-11 08:39 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-04-11 08:39 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-04-11 08:39 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-04-11 08:39 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-04-11 08:39 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-04-11 08:28 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-04-11 08:28 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-11 08:28 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-04-11 08:28 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-04-11 08:28 - 2014-10-28 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-11 08:28 - 2014-10-28 22:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-11 08:28 - 2014-10-28 22:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-11 08:28 - 2014-10-28 22:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-11 08:28 - 2014-10-28 21:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-11 08:27 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-11 08:27 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-11 08:27 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-04-11 08:27 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-04-11 08:25 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-11 08:25 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-11 08:25 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-11 08:25 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-11 08:25 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-11 08:25 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-11 08:25 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-04-11 08:25 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-04-11 08:25 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-04-11 08:25 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-04-11 08:25 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-04-11 08:25 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-04-11 08:25 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-04-11 08:25 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-04-11 08:24 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-04-11 08:24 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-04-11 08:24 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-04-11 08:24 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-04-11 08:24 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-04-11 08:24 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-04-11 08:24 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-04-11 08:24 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-04-11 08:24 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-04-11 08:24 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-04-11 08:24 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-04-11 08:24 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-04-11 08:24 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-04-11 08:24 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-04-11 08:24 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-04-11 08:24 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-04-11 08:24 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-04-11 08:24 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-04-11 08:24 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls 2015-04-11 08:24 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls 2015-04-11 08:24 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe 2015-04-11 08:24 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll 2015-04-11 08:24 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll 2015-04-11 08:24 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe 2015-04-11 08:24 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll 2015-04-11 08:24 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-04-11 08:24 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll 2015-04-11 08:24 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll 2015-04-11 08:24 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll 2015-04-11 08:24 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2015-04-11 08:24 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2015-04-11 08:24 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2015-04-11 08:24 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll 2015-04-11 08:24 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2015-04-11 08:24 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 2015-04-11 08:24 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll 2015-04-11 08:24 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll 2015-04-11 08:24 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll 2015-04-11 08:24 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll 2015-04-11 08:21 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-04-11 08:21 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-04-11 08:21 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-04-11 08:21 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-04-11 08:20 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-04-11 08:20 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-04-11 08:20 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-04-11 08:20 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-04-11 08:20 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe 2015-04-11 08:20 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe 2015-04-11 08:20 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2015-04-11 08:20 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2015-04-11 08:19 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-04-11 08:14 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-04-11 08:12 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-04-11 08:12 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-04-11 08:12 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-04-11 08:12 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-04-11 08:12 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-04-11 08:12 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-04-11 08:12 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-04-11 08:12 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-04-11 08:12 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-04-11 08:12 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-11 08:12 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-11 08:12 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-11 08:12 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-04-11 08:12 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-04-11 08:12 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-04-11 08:12 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2015-04-11 08:12 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-11 08:12 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-11 08:12 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-11 08:12 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll 2015-04-11 08:12 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-11 08:12 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-11 08:12 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-11 08:12 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-11 08:12 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-11 08:12 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll 2015-04-11 08:11 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-11 08:11 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-11 08:11 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-11 08:11 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-04-11 08:11 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-11 08:11 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-11 08:11 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-11 08:11 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-11 08:11 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-11 08:11 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-11 08:11 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-11 08:11 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-11 08:11 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-11 08:11 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-11 08:11 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-04-11 08:11 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-11 08:11 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-11 08:11 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-11 08:11 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-11 08:11 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-11 08:11 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-04-11 08:11 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-11 08:11 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-11 08:11 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-11 08:11 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-11 08:11 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-11 08:11 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-11 08:11 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-04-11 08:11 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-11 08:11 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-04-11 08:11 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-11 08:11 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-11 08:11 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-11 08:11 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-11 08:11 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-11 08:11 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-11 08:11 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-11 08:11 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-11 08:11 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-11 08:11 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-11 08:11 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-11 08:11 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-11 08:11 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-11 08:08 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-04-11 08:08 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-11 08:08 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-04-11 08:07 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-04-11 08:07 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-04-11 08:07 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-11 08:07 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-11 08:07 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-04-11 08:07 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-04-11 08:07 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-11 08:07 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-11 08:03 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-04-11 08:03 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll 2015-04-11 08:03 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll 2015-04-11 08:02 - 2014-07-24 11:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2015-04-11 08:02 - 2014-07-24 09:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2015-04-11 08:02 - 2014-07-24 07:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-11 08:02 - 2014-07-24 05:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-04-11 08:02 - 2014-07-24 05:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-04-11 08:02 - 2014-07-24 04:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-11 08:02 - 2014-06-14 02:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-04-11 08:01 - 2014-07-24 11:28 - 00419648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2015-04-11 08:01 - 2014-07-24 11:28 - 00412992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2015-04-11 08:01 - 2014-07-24 11:28 - 00280384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys 2015-04-11 08:01 - 2014-07-24 11:28 - 00143680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2015-04-11 08:01 - 2014-07-24 11:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-11 08:01 - 2014-07-24 11:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-04-11 08:01 - 2014-07-24 11:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-04-11 08:01 - 2014-07-24 11:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe 2015-04-11 08:01 - 2014-07-24 11:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2015-04-11 08:01 - 2014-07-24 11:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe 2015-04-11 08:01 - 2014-07-24 11:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2015-04-11 08:01 - 2014-07-24 11:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-04-11 08:01 - 2014-07-24 11:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-04-11 08:01 - 2014-07-24 11:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-04-11 08:01 - 2014-07-24 11:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-04-11 08:01 - 2014-07-24 11:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-04-11 08:01 - 2014-07-24 11:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll 2015-04-11 08:01 - 2014-07-24 11:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-04-11 08:01 - 2014-07-24 11:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll 2015-04-11 08:01 - 2014-07-24 09:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-04-11 08:01 - 2014-07-24 09:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2015-04-11 08:01 - 2014-07-24 09:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe 2015-04-11 08:01 - 2014-07-24 09:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-04-11 08:01 - 2014-07-24 09:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll 2015-04-11 08:01 - 2014-07-24 09:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll 2015-04-11 08:01 - 2014-07-24 07:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2015-04-11 08:01 - 2014-07-24 07:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2015-04-11 08:01 - 2014-07-24 07:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys 2015-04-11 08:01 - 2014-07-24 07:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys 2015-04-11 08:01 - 2014-07-24 07:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2015-04-11 08:01 - 2014-07-24 07:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-04-11 08:01 - 2014-07-24 07:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys 2015-04-11 08:01 - 2014-07-24 07:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys 2015-04-11 08:01 - 2014-07-24 07:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-11 08:01 - 2014-07-24 07:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll 2015-04-11 08:01 - 2014-07-24 07:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll 2015-04-11 08:01 - 2014-07-24 07:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-04-11 08:01 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2015-04-11 08:01 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL 2015-04-11 08:01 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2015-04-11 08:01 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL 2015-04-11 08:01 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2015-04-11 08:01 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2015-04-11 08:01 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2015-04-11 08:01 - 2014-07-24 06:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll 2015-04-11 08:01 - 2014-07-24 06:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-11 08:01 - 2014-07-24 06:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl 2015-04-11 08:01 - 2014-07-24 06:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2015-04-11 08:01 - 2014-07-24 06:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll 2015-04-11 08:01 - 2014-07-24 06:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll 2015-04-11 08:01 - 2014-07-24 06:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll 2015-04-11 08:01 - 2014-07-24 06:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2015-04-11 08:01 - 2014-07-24 06:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-04-11 08:01 - 2014-07-24 06:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll 2015-04-11 08:01 - 2014-07-24 06:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll 2015-04-11 08:01 - 2014-07-24 05:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll 2015-04-11 08:01 - 2014-07-24 05:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl 2015-04-11 08:01 - 2014-07-24 05:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll 2015-04-11 08:01 - 2014-07-24 05:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll 2015-04-11 08:01 - 2014-07-24 05:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2015-04-11 08:01 - 2014-07-24 05:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll 2015-04-11 08:01 - 2014-07-24 05:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2015-04-11 08:01 - 2014-07-24 05:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll 2015-04-11 08:01 - 2014-07-24 05:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll 2015-04-11 08:01 - 2014-07-24 05:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll 2015-04-11 08:01 - 2014-07-24 05:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll 2015-04-11 08:01 - 2014-07-24 05:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2015-04-11 08:01 - 2014-07-24 05:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2015-04-11 08:01 - 2014-07-24 05:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-11 08:01 - 2014-07-24 05:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll 2015-04-11 08:01 - 2014-07-24 05:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll 2015-04-11 08:01 - 2014-07-24 05:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll 2015-04-11 08:01 - 2014-07-24 05:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe 2015-04-11 08:01 - 2014-07-24 05:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2015-04-11 08:01 - 2014-07-24 04:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll 2015-04-11 08:01 - 2014-07-24 04:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2015-04-11 08:01 - 2014-07-24 04:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll 2015-04-11 08:01 - 2014-07-24 04:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-04-11 08:01 - 2014-07-24 04:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll 2015-04-11 08:01 - 2014-07-24 04:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2015-04-11 08:01 - 2014-07-24 04:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll 2015-04-11 08:01 - 2014-07-24 04:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll 2015-04-11 08:01 - 2014-07-24 04:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll 2015-04-11 08:01 - 2014-07-24 04:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll 2015-04-11 08:01 - 2014-07-24 04:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2015-04-11 08:01 - 2014-07-24 04:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll 2015-04-11 08:01 - 2014-07-24 04:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2015-04-11 08:01 - 2014-07-24 04:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2015-04-11 08:01 - 2014-07-24 04:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll 2015-04-11 08:01 - 2014-07-24 04:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll 2015-04-11 08:01 - 2014-07-24 04:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll 2015-04-11 08:01 - 2014-07-24 04:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2015-04-11 08:01 - 2014-07-24 04:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2015-04-11 08:01 - 2014-07-24 04:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2015-04-11 08:01 - 2014-07-24 04:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-04-11 08:01 - 2014-07-24 04:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2015-04-11 08:01 - 2014-07-24 04:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2015-04-11 08:01 - 2014-07-24 04:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-11 08:01 - 2014-07-24 04:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll 2015-04-11 08:01 - 2014-07-24 04:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2015-04-11 08:01 - 2014-07-24 04:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-11 08:01 - 2014-07-24 04:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll 2015-04-11 08:01 - 2014-07-24 04:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2015-04-11 08:01 - 2014-07-24 04:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll 2015-04-11 08:01 - 2014-07-24 04:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2015-04-11 08:01 - 2014-07-24 04:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2015-04-11 08:01 - 2014-07-24 04:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll 2015-04-11 08:01 - 2014-07-24 04:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-11 08:01 - 2014-07-24 04:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-11 08:01 - 2014-07-24 04:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll 2015-04-11 08:01 - 2014-07-24 04:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-11 08:01 - 2014-07-24 04:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2015-04-11 08:01 - 2014-07-24 04:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll 2015-04-11 08:01 - 2014-07-24 03:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2015-04-11 08:01 - 2014-07-24 03:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll 2015-04-11 08:01 - 2014-07-24 03:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2015-04-11 08:01 - 2014-07-24 03:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll 2015-04-11 08:01 - 2014-07-24 03:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-04-11 08:01 - 2014-07-24 03:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll 2015-04-11 08:01 - 2014-07-24 03:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-04-11 08:01 - 2014-07-24 03:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll 2015-04-11 08:01 - 2014-07-12 01:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll 2015-04-11 08:01 - 2014-07-12 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll 2015-04-11 08:01 - 2014-07-04 08:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2015-04-11 08:01 - 2014-07-04 06:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll 2015-04-11 08:01 - 2014-07-04 06:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2015-04-11 08:01 - 2014-07-04 06:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll 2015-04-11 08:01 - 2014-07-04 06:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2015-04-11 08:01 - 2014-07-04 05:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll 2015-04-11 08:01 - 2014-07-04 05:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll 2015-04-11 08:01 - 2014-06-27 02:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2015-04-11 08:01 - 2014-06-25 20:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll 2015-04-11 08:01 - 2014-06-25 20:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll 2015-04-11 08:01 - 2014-06-19 19:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-04-11 08:01 - 2014-06-18 22:13 - 00310080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys 2015-04-11 08:01 - 2014-06-14 01:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-04-11 08:01 - 2014-06-07 08:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll 2015-04-11 08:01 - 2014-06-07 06:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2015-04-11 08:01 - 2014-06-05 06:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll 2015-04-11 08:01 - 2014-06-05 05:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll 2015-04-11 08:01 - 2014-05-31 01:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll 2015-04-11 08:01 - 2014-05-31 00:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll 2015-04-11 08:01 - 2014-05-29 02:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll 2015-04-11 08:01 - 2014-05-29 01:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll 2015-04-11 08:01 - 2014-05-26 03:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll 2015-04-11 08:01 - 2014-05-10 06:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-04-11 08:01 - 2014-05-10 04:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-04-11 08:01 - 2014-05-06 00:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll 2015-04-11 08:01 - 2014-05-05 20:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll 2015-04-11 08:01 - 2014-03-24 22:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll 2015-04-11 08:01 - 2014-03-24 22:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll 2015-04-11 08:01 - 2014-03-24 21:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll 2015-04-11 08:01 - 2014-03-24 21:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll 2015-04-11 07:53 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys 2015-04-11 07:52 - 2014-08-23 02:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2015-04-11 07:52 - 2014-08-23 01:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2015-04-11 07:52 - 2014-08-23 00:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll 2015-04-11 07:52 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll 2015-04-11 07:52 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll 2015-04-11 07:52 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll 2015-04-11 07:52 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll 2015-04-11 07:52 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-11 07:52 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll 2015-04-11 07:52 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-11 07:52 - 2014-07-24 11:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-04-11 07:52 - 2014-03-19 03:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-04-11 07:52 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-04-11 07:51 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll 2015-04-11 07:51 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-11 07:51 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll 2015-04-11 07:51 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-11 07:51 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2015-04-11 07:51 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2015-04-11 07:51 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll 2015-04-11 07:51 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll 2015-04-11 07:51 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2015-04-11 07:51 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2015-04-11 07:51 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll 2015-04-11 07:51 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2015-04-11 07:51 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll 2015-04-11 07:51 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll 2015-04-11 07:51 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2015-04-11 07:51 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll 2015-04-11 07:51 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2015-04-11 07:51 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys 2015-04-11 07:51 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-04-11 07:51 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-04-11 07:50 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-04-11 07:50 - 2014-12-11 20:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-04-11 07:50 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-04-11 07:50 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-04-11 07:50 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-04-11 07:50 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-04-11 07:50 - 2014-12-05 21:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-04-11 07:50 - 2014-10-29 00:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-04-11 07:50 - 2014-10-29 00:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-04-11 07:50 - 2014-10-28 23:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-04-11 07:50 - 2014-10-28 23:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-04-11 07:50 - 2014-10-28 23:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-04-11 07:50 - 2014-10-28 23:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-04-11 07:50 - 2014-10-28 23:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-04-11 07:50 - 2014-10-28 23:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-04-11 07:50 - 2014-10-28 22:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-04-11 07:50 - 2014-10-28 21:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-04-11 07:50 - 2014-10-28 21:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-04-11 07:50 - 2014-10-28 21:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-04-11 07:50 - 2014-10-28 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-04-11 07:49 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe 2015-04-11 07:49 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2015-04-11 07:49 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll 2015-04-11 07:49 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2015-04-11 07:49 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-11 07:49 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-11 07:49 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-11 07:49 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-11 07:49 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-04-11 07:47 - 2014-07-10 00:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\lockscreencn.dll 2015-04-10 21:12 - 2015-04-13 21:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-10 21:11 - 2015-04-10 21:11 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-10 21:11 - 2015-04-10 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-10 21:10 - 2015-04-10 21:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-10 21:10 - 2015-04-10 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-10 21:10 - 2015-03-17 09:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-10 21:10 - 2015-03-17 09:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-10 21:10 - 2015-03-17 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-10 21:08 - 2015-04-10 21:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tiff\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-10 21:02 - 2015-04-13 21:27 - 00000000 ____D () C:\ProgramData\NetEngine 2015-04-10 21:02 - 2015-04-10 21:02 - 00000000 ____D () C:\ProgramData\T122078ED ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-13 21:29 - 2014-11-18 14:08 - 00000000 ____D () C:\Users\Tiff\Documents\Youcam 2015-04-13 21:29 - 2014-11-18 14:04 - 01185772 _____ () C:\Windows\WindowsUpdate.log 2015-04-13 21:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-11 16:51 - 2014-04-22 14:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-04-11 16:50 - 2013-08-22 10:46 - 00030863 _____ () C:\Windows\setupact.log 2015-04-11 16:50 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-11 16:49 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-11 16:13 - 2014-11-18 14:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2597059165-3109412761-1012327868-1002 2015-04-11 16:09 - 2014-12-26 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-11 15:56 - 2014-11-18 14:07 - 00001556 _____ () C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-11 15:11 - 2014-12-19 05:29 - 00003086 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2597059165-3109412761-1012327868-1002 2015-04-11 15:11 - 2014-12-19 05:29 - 00000000 ___RD () C:\Users\Tiff\OneDrive 2015-04-11 15:05 - 2014-03-18 05:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-11 15:02 - 2015-01-21 04:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-04-11 14:59 - 2014-03-18 05:44 - 00122226 _____ () C:\Windows\PFRO.log 2015-04-11 14:59 - 2013-08-22 10:44 - 00491624 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-11 14:56 - 2014-12-23 17:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-11 14:56 - 2014-12-23 17:17 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-11 14:56 - 2014-03-18 05:38 - 00000000 ____D () C:\Program Files\Windows Journal 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-04-11 14:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-04-11 14:56 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe 2015-04-11 14:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore 2015-04-11 14:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2015-04-11 14:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv 2015-04-11 14:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy 2015-04-11 14:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-04-11 13:59 - 2014-11-18 14:21 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2324D154-2DF7-4A6B-A1B7-BCD36DAA3E90} 2015-04-11 11:59 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-11 09:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-11 09:02 - 2014-04-22 14:59 - 00000000 ____D () C:\ProgramData\McAfee 2015-04-11 09:02 - 2014-04-22 14:59 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-04-11 08:48 - 2014-12-23 17:02 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-11 07:43 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-04-10 23:28 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-04-10 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\security 2015-04-10 21:22 - 2014-12-19 05:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-04-10 21:03 - 2015-01-27 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-11 08:17 ==================== End Of Log ============================
  7. We Spoke too soon... The Popups are back Something from pc-support-messages.com
  8. Thank you very much for you help. I'm no longer getting bogus virus alerts.
  9. Thanks for your reply MBAM Results: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/11/2015 Scan Time: 1:12:39 PM Logfile: MBAM2015-04-11.txt Administrator: Yes Version: 2.01.4.1018 Malware Database: v2015.04.11.04 Rootkit Database: v2015.03.31.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Tiff Scan Type: Threat Scan Result: Completed Objects Scanned: 336893 Time Elapsed: 36 min, 19 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Zoek Results: Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Tiff on Sat 04/11/2015 at 13:55:45.31. Microsoft Windows 8.1 with Bing 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Tiff\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 4/11/2015 1:58:20 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Constant Guard Protection Suite deleted successfully C:\PROGRA~2\speed browser deleted successfully C:\PROGRA~3\666e84ec00003fe1 deleted successfully C:\PROGRA~3\b2a2d4c000004583 deleted successfully C:\Users\Tiff\AppData\Roaming\hpqlog deleted successfully C:\Users\Tiff\AppData\Local\Boost deleted successfully C:\Users\Tiff\AppData\Local\SmartWeb deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c878e3a-f0ad-46c8-be3b-b823af43f3fc} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10E79E23-6686-4999-A4B8-99DAA097684A} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17231DD8-4BA6-4138-971E-F4CAC2CDE57} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D403AC-CA89-4B03-BD86-F71C7C6E9B4} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26100796-788-456D-A049-2DF562F84929} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28C6D3F8-33D7-4B39-B96A-933AE724AD63} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CA20C21-D451-4F3B-8623-5BEEEBB4415A} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D2C8240-5792-408A-B670-656270B9F4C2} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{346072BC-D8E-4F3E-BC3F-5CA5A7A90CA} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36D842B1-2C1-4275-A22E-D1C7E19A1} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{400469EF-5FF-4D55-963A-BD2F9C9EE2B9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5229CE8E-293F-48A0-927D-188CA67E3AE} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{526f47af-18f6-4461-8c45-80e40c2faef5} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5787E706-A2B3-4AF9-93B9-2928F916729} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E86803D-D7D5-4D4C-BC6A-EF69B3118B9C} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FD1AAC2-1725-4BCE-BDF9-4FDD5D435DC7} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FE5AD91-C8C0-4326-8D4E-3B215D45C860} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6058AA86-4E70-4804-9D1B-A187A570372C} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62F71E2C-A46C-490B-873-9F6F18EC56BC} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64CAE494-196A-4F51-9888-77C3E1E741DE} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BD09F8-799B-4BDA-B73F-D413922657D} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FB387D5-9D93-4DC0-8EEA-9F098C5334B} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7577DB3D-18DC-4872-AECB-B949CB4FF129} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79A655D6-B914-4DEA-A2B5-9FA2F9D68558} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7BD1D28F-D215-4A52-9730-E16730635914} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88074136-97A0-4ECD-9416-765B7E9442CC} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B866686-9190-44D5-B392-F992297C9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d8d8760-6b16-4b1f-86d2-5d970cf6cae2} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A208DB4F-5A3C-400F-9528-3A82472797CF} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a50ea367-2ec6-4136-a28f-fa8c02f2d436} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a8b7dfbb-0a0f-44f7-8e96-21499bbfc18b} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE76A023-C6A4-40EB-B0DC-FAB69B86E87} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBDFCB8-F0F-44E3-93E-998779B7614} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1792AEF-8E65-4053-97E9-9E6877551878} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8F14D4B-6A84-47B0-9CBB-6E5A64C582} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D655EE33-44ED-4185-A5B4-FFD3FDD6E2B9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da604e0d-46e2-42e4-b638-ebb2e948a575} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E76453CE-57E7-47FA-98DA-6BDE803DE1BE} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED16F16F-8E7-4EED-B7FA-9A939EA59F71} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE9D1A4E-789E-4AA6-BB3D-46B4E17F19F9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F272A4CB-A0D5-4E02-BC66-D0C0FFBEA8E9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F365A27D-464B-4994-9AEF-A1DFA8FB9095} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6D910F9-2FEA-4B01-B814-ADBC9BA9CD2} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8AC60D4-86C9-435C-91EE-4D7864EF399A} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCCFE43-CC36-4083-9A24-63713A8B1A9} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFD483EE-8BF1-4E7E-8D3F-AD8738C962} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0c878e3a-f0ad-46c8-be3b-b823af43f3fc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{526f47af-18f6-4461-8c45-80e40c2faef5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9d8d8760-6b16-4b1f-86d2-5d970cf6cae2} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a50ea367-2ec6-4136-a28f-fa8c02f2d436} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a8b7dfbb-0a0f-44f7-8e96-21499bbfc18b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{da604e0d-46e2-42e4-b638-ebb2e948a575} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbmntr deleted successfully ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Constant Guard Protection Suite not found C:\PROGRA~2\speed browser not found C:\PROGRA~3\wIyBpDsN deleted C:\PROGRA~2\buyanidbrowse deleted C:\PROGRA~2\bUYfasst deleted C:\PROGRA~2\WeowCCoupon deleted C:\PROGRA~2\rrOcckettsaale deleted C:\PROGRA~2\SoundCloud Latest Tracks for Google Chrome deleted C:\windows\SysNative\Tasks\NetEngine deleted C:\PROGRA~3\10006588788967173859 deleted C:\PROGRA~2\Super Optimizer deleted C:\PROGRA~2\globalUpdate deleted C:\Program Files\Common Files\System\SysMenu.dll deleted C:\PROGRA~3\Browser deleted C:\PROGRA~3\Package Cache deleted C:\Users\Tiff\AppData\Local\globalUpdate deleted C:\Users\Tiff\AppData\Local\CrashRpt deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\SearchProtect deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader deleted C:\Users\Tiff\AppData\LocalLow\SmartWeb deleted C:\windows\SysNative\tasks\YTDownloader deleted C:\windows\SysNative\tasks\YTDownloaderUpd deleted C:\windows\SysNative\tasks\SMupdate1 deleted C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\windows\SysNative\drivers\SPPD.sys deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Users\Tiff\Desktop\YTDownloader.lnk deleted C:\Users\Tiff\Desktop\PepperZip.lnk deleted C:\Users\Tiff\Desktop\Continue Live Installation.lnk deleted C:\Users\Tiff\Desktop\Continue Microsoft Word.lnk deleted "C:\Users\Tiff\AppData\Roaming\QWHKP" deleted "C:\Windows\tasks\QWHKP.job" deleted "C:\Windows\SysNative\tasks\QWHKP" deleted "C:\Program Files\Common Files\System\SysMenu64.dll" deleted "C:\PROGRA~2\YTDownloader\libeay32.dll" deleted "C:\PROGRA~2\YTDownloader\YTDownloader.exe" deleted "C:\PROGRA~2\PepperZip\shell\PPZShellExtension_x64.dll" deleted "C:\PROGRA~2\YTDownloader" deleted "C:\PROGRA~2\PepperZip" not deleted "C:\PROGRA~2\PepperZip\shell" not deleted ==== Chromium Look ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?gws_rd=ssl" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?gws_rd=ssl" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {021F35F4-3DBE-4CCC-8999-FBAD749DD66A} Unknown Url="Not_Found" {04A8DB8F-8D79-4854-8045-7241EC7B827F} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {0FE30B24-1A15-40DA-87CB-35067FA20E59} Search Url="Not_Found" {104DFC0C-484D-4309-AF29-643E5FFC7537} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {13CC9699-2F86-4479-A251-3A1C0DB9EFE7} Search Url="Not_Found" {254EE2AF-B26C-4546-91CD-4E884B292062} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {30C97D98-9595-467B-9C7A-EC05FB95A8FF} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {33ED379B-73A7-4D46-BA55-3CC4D2905E89} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {5245F399-812D-42AE-A122-3C6BB9007836} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {54E7A1E7-A06D-4DEC-87BF-61E168B51617} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {71625006-FF93-4812-BBBC-47E5B0FF7C24} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {78D66E11-6437-4AB7-8E87-58EEDB99A9A4} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {887AB2E7-02C1-4F1A-AF09-C020BE80CA9C} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {9109B6C6-AAC0-4051-9168-2BEEE368F642} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {A11B2490-C947-4AA1-B5A3-86D8BF21399F} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {BE9CEC5C-BAB4-49C2-8392-55DD82140ADD} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {CD2114E9-D9EE-4A9E-B5E4-EFDC12E4802E} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {D12F3B0C-3314-4F47-8F3A-460CE41B5020} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {F09DF45A-8909-4382-9DC2-173BF3E4B0ED} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" {F5B42D0A-079A-4D0A-8D3F-70E5B73D2512} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B84CDBE7-1B46-494B-A188-01D4C52DEB61} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B84CDBE7-1B46-494B-A188-01D4C52DEB61} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\SearchScopes\{021F35F4-3DBE-4CCC-8999-FBAD749DD66A} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0FE30B24-1A15-40DA-87CB-35067FA20E59} deleted successfully HKEY_USERS\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\SearchScopes\{13CC9699-2F86-4479-A251-3A1C0DB9EFE7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_CLASSES_ROOT\CLSID\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_CLASSES_ROOT\CLSID\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{abab86ef-4f54-4897-a6ad-24465fa08c02} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_CLASSES_ROOT\CLSID\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5870e9d-9780-44bf-b4c7-3dad468ba528} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D790D3FB-670B-6EF4-3686-4CB69E4ADE96} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{144AC25F-D7A7-B233-BFB8-433771ECB92D} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B91C29-337A-1FFD-7CFC-473451D2F861} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\6E942F3A-143D-A650-D837-C505023DF8C2 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Tiff\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tiff\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Tiff\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Tiff\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Tiff\AppData\Local\speed browser\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=116 folders=45 40331676 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Tiff\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Tiff\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\PROGRA~2\PepperZip" not found ==== EOF on Sat 04/11/2015 at 15:03:51.79 ======================
  10. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015 Ran by Tiff (administrator) on BOOP on 11-04-2015 12:38:53 Running from C:\Users\Tiff\Desktop Loaded Profiles: Tiff (Available profiles: Tiff) Platform: Windows 8.1 Connected (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\ProgramData\NetEngine\bin\D6\netengine.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (AMD) C:\Windows\System32\atieclxx.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\ProgramData\NetEngine\bin\D6\netengine.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (zik.mu) C:\Program Files\BubbleSound\3D BubbleSound.exe (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe\onenoteim.exe (Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (YTDownloader) C:\Program Files (x86)\YTDownloader\DownloadHelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated) HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.) HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-12] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader) HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {021F35F4-3DBE-4CCC-8999-FBAD749DD66A} URL = SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {04A8DB8F-8D79-4854-8045-7241EC7B827F} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {0FE30B24-1A15-40DA-87CB-35067FA20E59} URL = SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {104DFC0C-484D-4309-AF29-643E5FFC7537} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {13CC9699-2F86-4479-A251-3A1C0DB9EFE7} URL = SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {254EE2AF-B26C-4546-91CD-4E884B292062} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {30C97D98-9595-467B-9C7A-EC05FB95A8FF} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {33ED379B-73A7-4D46-BA55-3CC4D2905E89} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {5245F399-812D-42AE-A122-3C6BB9007836} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {54E7A1E7-A06D-4DEC-87BF-61E168B51617} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {71625006-FF93-4812-BBBC-47E5B0FF7C24} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {78D66E11-6437-4AB7-8E87-58EEDB99A9A4} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {887AB2E7-02C1-4F1A-AF09-C020BE80CA9C} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {9109B6C6-AAC0-4051-9168-2BEEE368F642} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {A11B2490-C947-4AA1-B5A3-86D8BF21399F} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {BE9CEC5C-BAB4-49C2-8392-55DD82140ADD} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {CD2114E9-D9EE-4A9E-B5E4-EFDC12E4802E} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {D12F3B0C-3314-4F47-8F3A-460CE41B5020} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {F09DF45A-8909-4382-9DC2-173BF3E4B0ED} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002 -> {F5B42D0A-079A-4D0A-8D3F-70E5B73D2512} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: WeowCCoupon -> {62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} -> C:\Program Files (x86)\WeowCCoupon\609X0w2UgjRQWs.x64.dll No File BHO: buyanidbrowse -> {abab86ef-4f54-4897-a6ad-24465fa08c02} -> C:\Program Files (x86)\buyanidbrowse\tpOz6gmqAFC9kT.x64.dll No File BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: APptoU -> {d5870e9d-9780-44bf-b4c7-3dad468ba528} -> C:\Program Files (x86)\APptoU\01mKjmdWzph1bt.x64.dll No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: WeowCCoupon -> {62fc3c41-dc77-466c-b6dc-1a0cae60e0ef} -> C:\Program Files (x86)\WeowCCoupon\609X0w2UgjRQWs.dll No File BHO-x32: buyanidbrowse -> {abab86ef-4f54-4897-a6ad-24465fa08c02} -> C:\Program Files (x86)\buyanidbrowse\tpOz6gmqAFC9kT.dll No File BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.1014.1\NativeBHO.dll No File BHO-x32: APptoU -> {d5870e9d-9780-44bf-b4c7-3dad468ba528} -> C:\Program Files (x86)\APptoU\01mKjmdWzph1bt.dll No File BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-19] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-12-16] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed] S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] () R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-11-19] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.) R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-04-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-04-22] (Microsoft Corporation) S2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation ) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-04-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 12:38 - 2015-04-11 12:39 - 00018528 _____ () C:\Users\Tiff\Desktop\FRST.txt 2015-04-11 12:38 - 2015-04-11 12:39 - 00000000 ____D () C:\FRST 2015-04-11 12:35 - 2015-04-11 12:36 - 02095616 _____ (Farbar) C:\Users\Tiff\Desktop\FRST64.exe 2015-04-11 08:12 - 2015-02-12 21:38 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-11 08:12 - 2015-02-12 21:15 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-11 08:12 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-04-11 08:12 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-04-11 08:12 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-04-11 08:12 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-04-11 08:12 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-04-11 08:12 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-04-11 08:12 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-04-11 08:12 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-04-11 08:12 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-04-11 08:12 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-11 08:12 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-11 08:12 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-11 08:12 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-04-11 08:12 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-04-11 08:12 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-04-11 08:12 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll 2015-04-11 08:12 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-11 08:12 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-11 08:12 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-11 08:12 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll 2015-04-11 08:12 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-11 08:12 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-11 08:12 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-11 08:12 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-11 08:12 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-11 08:12 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll 2015-04-11 08:11 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-11 08:11 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-11 08:11 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-11 08:11 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-04-11 08:11 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-11 08:11 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-11 08:11 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-11 08:11 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-11 08:11 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-11 08:11 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-11 08:11 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-11 08:11 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-11 08:11 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-11 08:11 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-11 08:11 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-04-11 08:11 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-11 08:11 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-11 08:11 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-11 08:11 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-11 08:11 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-11 08:11 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-04-11 08:11 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-11 08:11 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-11 08:11 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-11 08:11 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-11 08:11 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-11 08:11 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-11 08:11 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-04-11 08:11 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-11 08:11 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-04-11 08:11 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-11 08:11 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-11 08:11 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-11 08:11 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-11 08:11 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-11 08:11 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-11 08:11 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-11 08:11 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-04-11 08:11 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-04-11 08:11 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-11 08:11 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-11 08:11 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-11 08:11 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-11 08:08 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-04-11 08:08 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-04-11 08:08 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-04-11 08:07 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-04-11 08:07 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-04-11 08:07 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-11 08:07 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-11 08:07 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-04-11 08:07 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-04-11 08:07 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-11 08:07 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-11 08:03 - 2015-03-03 09:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-04-11 07:52 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-04-11 07:52 - 2014-08-28 21:32 - 02779136 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-11 07:52 - 2014-08-28 20:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-11 07:52 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-04-11 07:52 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-04-11 07:52 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-04-11 07:52 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll 2015-04-11 07:52 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll 2015-04-11 07:52 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-04-11 07:52 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll 2015-04-11 07:52 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll 2015-04-11 07:52 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-04-11 07:52 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll 2015-04-11 07:52 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-04-11 07:52 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-04-11 07:52 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-04-11 07:52 - 2014-07-24 11:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-04-11 07:52 - 2014-03-19 03:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-04-11 07:52 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-04-11 07:51 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll 2015-04-11 07:51 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-11 07:51 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll 2015-04-11 07:51 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-11 07:51 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2015-04-11 07:51 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2015-04-11 07:51 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll 2015-04-11 07:51 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll 2015-04-11 07:51 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2015-04-11 07:51 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2015-04-11 07:51 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll 2015-04-11 07:51 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2015-04-11 07:51 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll 2015-04-11 07:51 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll 2015-04-11 07:51 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2015-04-11 07:51 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll 2015-04-11 07:51 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2015-04-11 07:51 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys 2015-04-11 07:51 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-04-11 07:51 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-04-11 07:51 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe 2015-04-11 07:50 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-04-11 07:50 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-04-11 07:50 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-04-11 07:50 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-04-11 07:50 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-04-11 07:50 - 2014-12-05 21:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-04-11 07:50 - 2014-10-29 00:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-04-11 07:50 - 2014-10-29 00:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-04-11 07:50 - 2014-10-28 23:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-04-11 07:50 - 2014-10-28 23:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-04-11 07:50 - 2014-10-28 23:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-04-11 07:50 - 2014-10-28 23:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-04-11 07:50 - 2014-10-28 23:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-04-11 07:50 - 2014-10-28 23:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-04-11 07:50 - 2014-10-28 23:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-04-11 07:50 - 2014-10-28 22:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-04-11 07:50 - 2014-10-28 21:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-04-11 07:50 - 2014-10-28 21:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-04-11 07:50 - 2014-10-28 21:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-04-11 07:50 - 2014-10-28 21:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-04-11 07:47 - 2014-07-10 00:33 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll 2015-04-11 07:47 - 2014-07-10 00:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\lockscreencn.dll 2015-04-10 23:20 - 2015-04-10 23:21 - 00000000 ____D () C:\ProgramData\b2a2d4c000004583 2015-04-10 23:18 - 2015-04-10 23:19 - 00000000 ____D () C:\ProgramData\666e84ec00003fe1 2015-04-10 22:19 - 2015-04-10 22:19 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys 2015-04-10 21:37 - 2015-04-10 23:07 - 00000000 ____D () C:\Program Files (x86)\bUYfasst 2015-04-10 21:19 - 2015-04-10 22:16 - 00000000 ____D () C:\Program Files (x86)\WeowCCoupon 2015-04-10 21:19 - 2015-04-10 22:16 - 00000000 ____D () C:\Program Files (x86)\rrOcckettsaale 2015-04-10 21:19 - 2015-04-10 21:19 - 00000000 ____D () C:\Program Files (x86)\SoundCloud Latest Tracks for Google Chrome 2015-04-10 21:18 - 2015-04-10 22:16 - 00000000 ____D () C:\Program Files (x86)\buyanidbrowse 2015-04-10 21:18 - 2015-04-10 21:58 - 00000000 ____D () C:\ProgramData\10006588788967173859 2015-04-10 21:12 - 2015-04-11 09:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-10 21:11 - 2015-04-10 21:11 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-10 21:11 - 2015-04-10 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-10 21:10 - 2015-04-10 21:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-10 21:10 - 2015-04-10 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-10 21:10 - 2015-03-17 09:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-10 21:10 - 2015-03-17 09:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-10 21:10 - 2015-03-17 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-10 21:08 - 2015-04-10 21:08 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tiff\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-10 21:02 - 2015-04-10 21:02 - 00003428 _____ () C:\Windows\System32\Tasks\NetEngine 2015-04-10 21:02 - 2015-04-10 21:02 - 00000000 ____D () C:\ProgramData\T122078ED 2015-04-10 21:02 - 2015-04-10 21:02 - 00000000 ____D () C:\ProgramData\NetEngine ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 12:25 - 2014-11-18 14:04 - 01071163 _____ () C:\Windows\WindowsUpdate.log 2015-04-11 12:18 - 2014-11-18 14:12 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2597059165-3109412761-1012327868-1002 2015-04-11 12:13 - 2014-12-11 17:16 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite 2015-04-11 12:09 - 2014-12-26 15:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-11 12:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-11 11:59 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-11 09:34 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-11 09:13 - 2014-11-18 14:08 - 00000000 ____D () C:\Users\Tiff\Documents\Youcam 2015-04-11 09:12 - 2015-01-19 23:59 - 00001342 _____ () C:\Windows\Tasks\QWHKP.job 2015-04-11 09:06 - 2014-03-18 05:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-11 09:02 - 2014-04-22 14:59 - 00000000 ____D () C:\ProgramData\McAfee 2015-04-11 09:02 - 2014-04-22 14:59 - 00000000 ____D () C:\Program Files (x86)\McAfee 2015-04-11 09:02 - 2014-03-18 05:44 - 00120948 _____ () C:\Windows\PFRO.log 2015-04-11 09:02 - 2013-08-22 10:46 - 00030219 _____ () C:\Windows\setupact.log 2015-04-11 09:02 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-11 08:59 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData 2015-04-11 08:59 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore 2015-04-11 08:48 - 2014-12-23 17:02 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-11 07:43 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-04-11 07:39 - 2014-11-18 14:21 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2324D154-2DF7-4A6B-A1B7-BCD36DAA3E90} 2015-04-10 23:31 - 2014-04-22 14:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-04-10 23:28 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-04-10 23:18 - 2015-01-20 00:03 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer 2015-04-10 23:09 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\security 2015-04-10 22:20 - 2015-01-27 19:01 - 00000000 ____D () C:\Program Files (x86)\speed browser 2015-04-10 22:20 - 2015-01-20 00:15 - 00000000 ____D () C:\Users\Tiff\AppData\Local\SmartWeb 2015-04-10 22:20 - 2015-01-20 00:01 - 00000000 ____D () C:\ProgramData\wIyBpDsN 2015-04-10 22:20 - 2015-01-19 23:59 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-04-10 22:20 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-10 21:22 - 2014-12-19 05:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-04-10 21:04 - 2014-11-18 14:07 - 00002072 _____ () C:\Users\Tiff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-10 21:03 - 2015-01-27 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser ==================== Files in the root of some directories ======= 2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\Tiff\AppData\Roaming\QWHKP Some content of TEMP: ==================== C:\Users\Tiff\AppData\Local\Temp\0008861428722647mcinst.exe C:\Users\Tiff\AppData\Local\Temp\0676D62E-113C-977B-D15B-E9FA22A02601.exe C:\Users\Tiff\AppData\Local\Temp\F485F93A-2DB3-97E6-0C01-BF474BC74C99.dll C:\Users\Tiff\AppData\Local\Temp\F485F93A-2DB3-97E6-0C01-BF474BC74C99.exe C:\Users\Tiff\AppData\Local\Temp\optprosetup.exe C:\Users\Tiff\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-11 08:17 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015 Ran by Tiff at 2015-04-11 12:41:03 Running from C:\Users\Tiff\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) APptoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version: - ApptoU) <==== ATTENTION Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - ) <==== ATTENTION! Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog) LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden LeapFrog Leapster Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden PepperZip 2.0 (HKLM-x32\...\PepperZip) (Version: 2.0 - PepperWare Co.Ltd.) <==== ATTENTION Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.) Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden rrOcckettsaale (HKLM-x32\...\{D790D3FB-670B-6EF4-3686-4CB69E4ADE96}) (Version: - "") <==== ATTENTION SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.6 - SoftBrain Technologies Ltd.) <==== ATTENTION SoundCloud Latest Tracks for Google Chrome (HKLM-x32\...\{144AC25F-D7A7-B233-BFB8-433771ECB92D}) (Version: - "") <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden TheBestDeals (HKLM-x32\...\6E942F3A-143D-A650-D837-C505023DF8C2) (Version: - TheBestDeals-software) <==== ATTENTION Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog) Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden WeowCCoupon (HKLM-x32\...\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}) (Version: - WowCoupon) <==== ATTENTION WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2597059165-3109412761-1012327868-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tiff\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-12-2014 16:53:27 Windows Update 27-01-2015 16:23:02 Windows Update 04-02-2015 11:33:06 Windows Update 11-04-2015 08:17:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {053CC159-D21F-437C-8206-5DEE791007CC} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-01-08] (YTDownloader) <==== ATTENTION Task: {05C54A9C-87B3-4443-B192-D879F80C622C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {062D3B8C-600B-4CB9-8EE3-CB3736078983} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company) Task: {0D5CA32A-B587-43C0-94DB-69E06A099458} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION Task: {263BA526-CC06-4E58-9FDC-A9A9709ADFFA} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-01-08] (Goobzo) <==== ATTENTION Task: {41EFE559-DEB8-424F-BC98-59509DD7CCEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {534EBB89-0AC4-4A02-BCDD-85DC4B0FFC41} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {5713DE9D-2A9B-4440-AF5B-D542B6DA85E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated) Task: {68186D3E-44E1-4A7F-AB56-1B76767A1BD1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-27] (Microsoft Corporation) Task: {77F4E65E-A656-4BE4-9211-013BBE4A1B94} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {7B6C4AA7-8B55-431B-BC38-45DEB8EB1346} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION Task: {8D380EFA-5378-4A64-B60F-46F445B497DF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation) Task: {AA0B10E0-10D8-44BD-844A-9BE3668DA315} - System32\Tasks\QWHKP => C:\Users\Tiff\AppData\Roaming\QWHKP.exe <==== ATTENTION Task: {BC2463FF-5182-45AA-851D-7FAE66B0D904} - \avaavxvyex No Task File <==== ATTENTION Task: {BE5A6C6C-5218-4114-8D7C-3E93D1A1B08B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-26] (Adobe Systems Incorporated) Task: {C043C5A6-71A1-401F-8AA0-4345BB1CD776} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {D613BDAE-1615-497C-920D-2562058A835F} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {DFA5AF35-9576-4289-9623-6DC816182F1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {E9D8236C-8BCC-4CE8-9B86-4E937C65C1E4} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D6\netengine.exe [2015-04-10] () Task: {ED67D9CA-B818-452E-968A-55222D21D90C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2597059165-3109412761-1012327868-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {F770E077-1C5B-44E2-897D-F41920A4A4E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\QWHKP.job => C:\Users\Tiff\AppData\Roaming\QWHKP.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============== 2013-09-26 14:26 - 2013-09-26 14:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe 2013-09-26 14:32 - 2013-09-26 14:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll 2013-09-26 14:28 - 2013-09-26 14:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-09-26 14:25 - 2013-09-26 14:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2013-09-26 14:39 - 2013-09-26 14:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2013-09-26 14:39 - 2013-09-26 14:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2015-01-08 14:12 - 2015-01-08 14:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll 2015-04-10 21:02 - 2015-04-10 21:02 - 00076288 _____ () C:\ProgramData\NetEngine\bin\D6\netengine.exe 2013-09-25 09:49 - 2013-09-25 09:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-09-25 09:48 - 2013-09-25 09:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-12-19 05:11 - 2014-05-20 11:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-04-10 21:15 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-12-25 07:49 - 2014-12-25 07:49 - 00121344 _____ () C:\Program Files (x86)\PepperZip\shell\PPZShellExtension_x64.dll 2013-09-26 14:34 - 2013-09-26 14:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2013-09-25 09:48 - 2013-09-25 09:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-09-25 09:49 - 2013-09-25 09:49 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll 2014-04-22 15:05 - 2013-02-01 14:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll 2014-04-22 15:05 - 2013-02-01 14:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll 2014-02-01 17:30 - 2014-02-01 17:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2597059165-3109412761-1012327868-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk" ==================== Accounts: ============================= Administrator (S-1-5-21-2597059165-3109412761-1012327868-500 - Administrator - Disabled) Guest (S-1-5-21-2597059165-3109412761-1012327868-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2597059165-3109412761-1012327868-1004 - Limited - Enabled) Tiff (S-1-5-21-2597059165-3109412761-1012327868-1002 - Administrator - Enabled) => C:\Users\Tiff ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/11/2015 00:13:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IDVault.exe, version: 1.14.1014.1, time stamp: 0x543d9baa Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0xa84 Faulting application start time: 0xIDVault.exe0 Faulting application path: IDVault.exe1 Faulting module path: IDVault.exe2 Report Id: IDVault.exe3 Faulting package full name: IDVault.exe4 Faulting package-relative application ID: IDVault.exe5 Error: (04/11/2015 00:13:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 11:56:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17324, time stamp: 0x53f834a5 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17041, time stamp: 0x53182120 Exception code: 0xc000027b Fault offset: 0x000000000084ad1a Faulting process id: 0x6ac Faulting application start time: 0xSystemSettings.exe0 Faulting application path: SystemSettings.exe1 Faulting module path: SystemSettings.exe2 Report Id: SystemSettings.exe3 Faulting package full name: SystemSettings.exe4 Faulting package-relative application ID: SystemSettings.exe5 Error: (04/11/2015 11:55:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17324, time stamp: 0x53f834a5 Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17041, time stamp: 0x53182120 Exception code: 0xc000027b Fault offset: 0x000000000084ad1a Faulting process id: 0x828 Faulting application start time: 0xSystemSettings.exe0 Faulting application path: SystemSettings.exe1 Faulting module path: SystemSettings.exe2 Report Id: SystemSettings.exe3 Faulting package full name: SystemSettings.exe4 Faulting package-relative application ID: SystemSettings.exe5 Error: (04/11/2015 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IDVault.exe, version: 1.14.1014.1, time stamp: 0x543d9baa Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460 Exception code: 0xe0434352 Fault offset: 0x00012f71 Faulting process id: 0x13ec Faulting application start time: 0xIDVault.exe0 Faulting application path: IDVault.exe1 Faulting module path: IDVault.exe2 Report Id: IDVault.exe3 Faulting package full name: IDVault.exe4 Faulting package-relative application ID: IDVault.exe5 Error: (04/11/2015 09:13:02 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 08:18:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/11/2015 08:18:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc. System Error: The system cannot find the file specified. . Error: (04/11/2015 07:36:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: IDVault.exe, version: 1.14.1014.1, time stamp: 0x543d9baa Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3 Exception code: 0xe0434352 Fault offset: 0x00011d4d Faulting process id: 0x1434 Faulting application start time: 0xIDVault.exe0 Faulting application path: IDVault.exe1 Faulting module path: IDVault.exe2 Report Id: IDVault.exe3 Faulting package full name: IDVault.exe4 Faulting package-relative application ID: IDVault.exe5 Error: (04/11/2015 07:36:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) System errors: ============= Error: (04/11/2015 09:02:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BrsHelper service failed to start due to the following error: %%1053 Error: (04/11/2015 09:02:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the BrsHelper service to connect. Error: (04/11/2015 09:01:14 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY) Description: The system watchdog timer was triggered. Error: (04/11/2015 08:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2962409). Error: (04/11/2015 08:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for .NET Native on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2954879). Error: (04/11/2015 08:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2955164). Error: (04/11/2015 08:48:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2969817). Error: (04/11/2015 08:39:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2967917). Error: (04/11/2015 08:26:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2971239). Error: (04/11/2015 08:25:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2965142). Microsoft Office Sessions: ========================= Error: (04/11/2015 00:13:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDVault.exe1.14.1014.1543d9baaKERNELBASE.dll6.3.9600.1727853eeb460e043435200012f71a8401d074726df0f2f9C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\SYSTEM32\KERNELBASE.dllad5b579b-e065-11e4-8269-a02bb85515d1 Error: (04/11/2015 00:13:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 11:56:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SystemSettings.exe6.3.9600.1732453f834a5Windows.UI.Xaml.dll6.3.9600.1704153182120c000027b000000000084ad1a6ac01d0746ff9e23d56C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll5841d433-e063-11e4-8269-a02bb85515d1windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/11/2015 11:55:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: SystemSettings.exe6.3.9600.1732453f834a5Windows.UI.Xaml.dll6.3.9600.1704153182120c000027b000000000084ad1a82801d0746a9498f508C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll32afdae5-e063-11e4-8269-a02bb85515d1windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/11/2015 09:13:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDVault.exe1.14.1014.1543d9baaKERNELBASE.dll6.3.9600.1727853eeb460e043435200012f7113ec01d074593c6d0157C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\SYSTEM32\KERNELBASE.dll7be5b325-e04c-11e4-8269-a02bb85515d1 Error: (04/11/2015 09:13:02 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) Error: (04/11/2015 08:18:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed System Error: The system cannot find the file specified. Error: (04/11/2015 08:18:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc. System Error: The system cannot find the file specified. Error: (04/11/2015 07:36:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IDVault.exe1.14.1014.1543d9baaKERNELBASE.dll6.3.9600.17055532943a3e043435200011d4d143401d0744bc23d2fd3C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\SYSTEM32\KERNELBASE.dll09483b5f-e03f-11e4-8268-a02bb85515d1 Error: (04/11/2015 07:36:43 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: IDVault.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeLoadException Stack: at GuardId.Program.Main(System.String[]) CodeIntegrity Errors: =================================== Date: 2015-01-19 23:46:05.584 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:46:05.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:58.771 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:58.506 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:51.943 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 23:45:51.646 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD E1-2100 APU with Radeon HD Graphics Percentage of memory in use: 50% Total physical RAM: 3554.07 MB Available physical RAM: 1746.34 MB Total Pagefile: 4194.07 MB Available Pagefile: 1944.99 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:445.12 GB) (Free:403.67 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:19.62 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: A9A16C4F) Partition: GPT Partition Type. ==================== End Of Log ============================ Addition.txt FRST.txt
  11. I'm sorry for taking so long to reply. Everything is running okay. Still getting ads and popups when using Chrome but she uses IE instead (no ads or popups).
  12. QUETSION: Chrome says that it is up-to-date. Doing searches with Chrome there's a box below the search saying "YOUR COMPUTER HAS ERRORS!" with this address: https://secure-nym.adnxs.com/click?p1zhXS7i1D-nXOFdLuLUP-xRuB6F6_M_p1zhXS7i1D-nXOFdLuLUP81zt1kXGcwbyuU-8dPJlyKdSTxSAAAAAPorEQBfAAAAXwAAAAIAAABPrHsAQN4DAAAAAQBVU0QAVVNEANgCWgCypQAAEVsAAQQCAQIAAIYAQSq1BQAAAAA./cnd=%21eQZxOgiq620Qz9juAxjAvA8gAw../referrer=https%3A%2F%2Fwww.google.com%2F/clickenc=http%3A%2F%2Fnetwork.adsmarket.com%2Fclick%2FjWZymGacqZiMaXCVX8p6w4iQaphjnYKVjGKYmGehfJmJkHGVZ6N7w41qaZhnnA%3Fdp%3DCP1799594_S95_C8105039_1125370%26dp2%3Dnym1CMrL-4m_uvLLIhACGM3n3c31oobmGyINNjkuMjQyLjY4LjExMSgB%26dp3%3DUhttps%3A%2F%2Fwww.google.com%2F And this POPUP keeps asking me to install a MEDIA PLAYER: http://yel.statserv.net/sd/wrap-0.01.html?u=http%3A%2F%2Fyel.statserv.net%2Fsd%2Fapps%2Ffusionx%2F0.0.3.html%3Faff%3D1060-1052 I tried to paste a SCREENSHOT but I don't know how to Post them in this forum. Please Advise.
  13. The results of Security Check Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 25 Adobe Reader XI Google Chrome 29.0.1547.62 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  14. Hey MrC, You've helped me in the past and I thank you again for your time. Ran AdwCleaner and here are the results: ADWCLEANER: # AdwCleaner v3.004 - Report created 19/09/2013 at 23:31:52 # Updated 15/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Katie - KATIE-PC # Running from : C:\Users\Katie\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\iMesh Folder Deleted : C:\ProgramData\AlawarWrapper Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\iMesh Applications Folder Deleted : C:\Program Files (x86)\Searchprotect Folder Deleted : C:\Program Files (x86)\SingAlong Folder Deleted : C:\Program Files (x86)\Uniblue\SpeedUpMyPC Folder Deleted : C:\Program Files\DomaIQ Uninstaller Folder Deleted : C:\Users\Katie\AppData\Local\Conduit Folder Deleted : C:\Users\Katie\AppData\Local\cre Folder Deleted : C:\Users\Katie\AppData\Local\iMesh Folder Deleted : C:\Users\Katie\AppData\Local\SwvUpdater Folder Deleted : C:\Users\Katie\AppData\Local\Temp\apn Folder Deleted : C:\Users\Katie\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Katie\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Katie\AppData\LocalLow\WhiteSmoke_New Folder Deleted : C:\Users\Katie\AppData\Roaming\Searchprotect Folder Deleted : C:\Users\Katie\AppData\Roaming\Uniblue\SpeedUpMyPC Folder Deleted : C:\Users\Katie\Documents\iMesh File Deleted : C:\END File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar File Deleted : C:\windows\Tasks\SpeedUpMyPC.job File Deleted : C:\windows\System32\Tasks\SpeedUpMyPC File Deleted : C:\windows\Tasks\spmonitor.job File Deleted : C:\windows\System32\Tasks\spmonitor ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchEngineProtection] Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1956E0C4-6F80-4562-8999-727751E739B7} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BABDA88D-2378-4FF8-A80B-04E1EC298A16} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Imesh Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Imesh Key Deleted : HKLM\Software\iMeshMediabarTb Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC Key Deleted : HKLM\Software\WhiteSmoke_New Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [7292 octets] - [19/09/2013 23:27:40] AdwCleaner[s0].txt - [6999 octets] - [19/09/2013 23:31:52] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7059 octets] ########## Malwarebytes is next... MALWAREBYTES: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.09.19.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Katie :: KATIE-PC [administrator] 9/19/2013 11:41:15 PM mbam-log-2013-09-19 (23-41-15).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 222668 Time elapsed: 15 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) The computer seems to be running okay now. No random redirects or ads.
  15. Hello forum, My wife's laptop is infected, again. Google redirecting, UniBlue pops up at startup, and other random weirdness. Thanks in advance for all the support and help (and patience!!). DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2 Run by Katie at 21:39:26 on 2013-09-19 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2667 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\windows\system32\svchost.exe -k imgsvc C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\sysWOW64\wbem\wmiprvse.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\wuauclt.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uProxyOverride = <local>;*.local uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned> dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Shop to Win 2: {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files (x86)\Shop to Win 2\ShoppingBHO.dll BHO: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll BHO: Price Finder: {6E89E1D3-C66F-41C4-A648-CD91544E99C3} - C:\Users\Katie\AppData\Roaming\PriceFinder\PriceFinderHelper.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [searchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNTg5MzEyOTc3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMS1GTDEwKzEtRERUKzQyOTQ5NDU2MzItREQxMEYrMS1TVDEwRkFQUCsx"&"prod=90"&"ver=10.0.1410 StartupFolder: C:\Users\Katie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC}\14E64627F69646140593930333 : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC}\16474777966696 : DHCPNameServer = 192.168.4.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC}\4656661657C647 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC}\D497562737D27657563747 : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-1-14 55280] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-1-14 482384] R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696] R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688] R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368] R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-23 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-17 701512] R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2010-3-31 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-1-14 215040] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8187B.sys [2010-3-31 450048] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2010-3-23 172704] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-8-17 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;C:\windows\System32\drivers\qscnusb.sys [2011-4-1 118016] S3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2011-5-1 91304] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-3-23 19456] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-1-14 222208] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920] S3 TFsExDisk;TFsExDisk;C:\windows\System32\drivers\TFsExDisk.sys [2011-5-1 16448] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-1-14 51512] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-3-23 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);C:\windows\System32\drivers\V0400Vid.sys [2010-3-23 242816] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-4-15 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-09-20 01:28:28 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D48E2017-F07B-4A62-B087-6130C8E2CD8E}\offreg.dll 2013-09-19 15:04:57 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-09-19 14:20:23 -------- d-----w- C:\4f9fe5287891b8adc72bed27ecdf99c7 2013-09-19 13:08:18 9694160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D48E2017-F07B-4A62-B087-6130C8E2CD8E}\mpengine.dll 2013-09-12 23:38:34 -------- d-----w- C:\Program Files (x86)\LyricsSpeaker 2013-09-07 23:57:23 965008 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5503E9C-621E-424D-94AA-9DA5D3F5CF70}\gapaengine.dll 2013-09-07 23:56:49 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-09-01 22:11:56 -------- d-----w- C:\windows\System32\MRT 2013-08-31 14:20:59 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-08-10 05:22:18 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-08-10 05:20:59 3959296 ----a-w- C:\windows\System32\jscript9.dll 2013-08-10 05:20:55 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-08-10 05:20:55 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-08-10 03:59:10 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-08-10 03:58:09 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-08-10 03:58:06 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-08-10 03:58:06 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-08-10 03:17:38 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-08-10 03:07:50 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-08-10 02:27:59 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-08-10 02:17:19 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-08-08 01:20:43 3155456 ----a-w- C:\windows\System32\win32k.sys 2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys 2013-08-02 02:23:53 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-08-02 02:14:11 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-08-02 01:59:30 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-08-02 01:59:30 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2013-07-18 21:23:20 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-18 21:23:20 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-06-30 15:29:50 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-30 15:29:42 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-06-30 15:29:42 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll . ============= FINISH: 21:41:14.83 =============== ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 2/20/2010 12:14:15 AM System Uptime: 9/19/2013 9:27:46 PM (0 hours ago) . Motherboard: TOSHIBA | | NBWAA Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 96.885 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP285: 7/18/2013 8:20:04 AM - Windows Update RP286: 7/18/2013 9:03:30 AM - Windows Update RP287: 7/25/2013 11:01:28 AM - Windows Update RP288: 7/29/2013 5:09:12 PM - Windows Update RP289: 8/11/2013 8:40:39 PM - Windows Update RP291: 8/31/2013 10:07:36 AM - Microsoft Antimalware Checkpoint RP292: 8/31/2013 10:10:53 AM - Windows Update RP293: 9/1/2013 6:08:55 PM - Windows Update RP294: 9/7/2013 7:55:27 PM - Windows Update RP295: 9/19/2013 9:06:12 AM - Windows Update RP296: 9/19/2013 10:10:43 AM - Windows Update RP297: 9/19/2013 11:04:15 AM - Windows Update RP299: 9/19/2013 9:10:13 PM - Microsoft Antimalware Checkpoint . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 18 WoS Across America 2002 Games 3 Days Zoo Mystery 4 Elements 4 Elements II 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.04) Advanced Audio FX Engine Agatha Christie 4.50 from Paddington Special Edition Agatha Christie Bundle - 3 in 1 Alabama Smith in Escape from Pompeii Amelia Earhart Annabel Apple Application Support Apple Mobile Device Support Apple Software Update Ashtons Family Resort Avenue Flo - Special Delivery Be a King 2 Becky Brogan The Mystery of Meane Manor Bejeweled Twist Best Buy Software Installer Bing Bar Bing Rewards Client Installer Bonjour Brain Puzzles 2 BufferChm Burger Time Deluxe Buried In Time Call of Atlantis Campfire Legends - The Babysitter Cindys Travels- Flooded Kingdom Classic Adventures The Great Gatsby Coffee Rush 3 Committed - Mystery at Shady Pines Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows Creative Live! Cam Center Creative Live! Cam Notebook Pro (VF0400) Driver (1.05.03.00) Creative Live! Central 2 Creative System Information D3DX10 Dark Parables - Curse Of Briar Rose Deadtime Stories Department 42 The Mystery of the Nine Destinations DeviceDiscovery DJ_AIO_05_F4400_Software_Min Downtown Secrets Dr. Lynch Grave Secrets Dracula Love Kills Dream Day True Love Dream Mysteries - Case of the Red Fox Echoes of the Past Royal House Empress of the Deep Epic Adventure Bundle – 3 in 1 Escape the Emerald Star Escape Whisper Valley F4400 Farm Frenzy - Ancient Rome Farm Frenzy - Viking Heroes Farm Frenzy 3 American Pie Farm Frenzy Gone Fishing Farm Frenzy – Pizza Party! farmers_market Farmscapes Fishdom 2™ Foodie Fun Bundle – 5 in 1 FoxTab PDF Creator GamesBar 2.0.1.73 Gemini Lost Google Chrome Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Gravely Silent Grim Tales - The Bride Heroes Of Hellas Heroic Adventures 4-in-1 Pack Hidden Magic Hidden Mysteries Buckingham Hidden Object Heroes Bundle Hidden Object Mystery Pack 4-in-1 Hide and Secret - The Lost World Holly 2 - Magic Land Hotel Dash 2 Lost Luxuries HP Customer Participation Program 13.0 HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 HP Imaging Device Functions 13.0 HP Print Projects 1.0 HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Update HPPhotoGadget hpPrintProjects HPProductAssistant HPSSupply hpWLPGInstaller iMesh Info Center 1.0.0.5 Insider Tales – The stolen Venus Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Intrigue Inc Ravens Flight iTunes Jane Lucky Java 7 Update 25 Java Auto Updater JavaFX 2.1.1 Jewel Quest (remove only) Junk Mail filter update Land Grabbers Letters from Nowhere Bundle 2-in-1 Life Quest Logitech Vid Love And Death Bitten Love Chronicles the Sword and the Rose Loyalty Bundle – 3 in 1 LUXOR 5th Passage LyricsSpeaker Magic Encyclopedia Moonlight Mystery Magic Encyclopedia. First Story Magic Mystery and Adventure Bundle Malwarebytes Anti-Malware version 1.75.0.1300 Margrave - The Curse of the Severed Heart MarketResearch Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Default Manager Microsoft IntelliPoint 8.0 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Midnight Mysteries Salem Witch Trial Millionaire Manor The Hidden Object Show 3 Miriel’s Magic Bundle – 2 in 1 MobileMe Control Panel Mortimer Beckett Bundle - 2 in 1 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Murder She Wrote Music Manager Music Oasis My Farm Life 2 My Life Story Adventures Mystery Case Files - 13th Skull Mystery Case Files - Dire Grove Mystery Case Files Huntsville Mystery Cookbook Mystery P.I. The Curious Case of Counterfeit Cove Mystery P.I.™ - Stolen in San Francisco Mystery Trackers 2 Napster Download Manager Natalie Brooks - Secrets of Treasure House Natalie Brooks - The Treasures of the Lost Kingdom Network Play System (Patching) Nightfall Mysteries 2 - Asylum Conspiracy Nightfall Mysteries Curse Opera Nightmare on the Pacific Nora Roberts - Vision In White PC Matic 1.1.0.41 PC Suite Peggle Nights Penny Dreadfuls - Sweeney Todd Phantasmat Plants vs Zombies - Game of The Year PlayReady PC Runtime amd64 Price Finder Profiler QuickTime Rachel’s Retreat Ranch Rush 2 Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver Red Crow Mysteries - Legion Rescue Frenzy Rescue Team 2 Rhianna Ford - The Da Vinci Letter Rite of Passage - The Perfect Show Robin’s Quest - A Legend Born RollerCoaster Tycoon Deluxe Roxio Burn Roxio Express Labeler 3 Roxio Roxio Burn Roxio Update Manager Royal Envoy TM Safari Samsung New PC Studio SAMSUNG USB Driver for Mobile Phones Scan Scepter of Ra Search Toolbar Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition Shop for HP Supplies Shop to Win 2 ShopAtHome.com Toolbar Shutter Island Skype Toolbars Skype™ 5.10 SmartWebPrinting Soap Opera Dash Solitaire Kingdom Supreme SolutionCenter SpeedUpMyPC Sprill - The Mystery of The Bermuda Triangle Sprill and Ritchie - Adventures In Time Status Stray Souls - Dollhouse Story Super Granny 5 Survival Of The Fittest 2 in 1 Synaptics Pointing Device Driver The Curse Of Montezuma The Mystery of the Mary Celeste The Sims Livin' Large The Treasures Of Mystery Island Toolbox TOSHIBA Application Installer TOSHIBA Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert TOSHIBA Media Controller TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package ToshibaRegistration TrayApp Trinklit Supreme Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Utility Common Driver Vampire Saga - Pandoras Box Vampireville Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables VIVA MEDIA GAME CENTER Voodoo Whisperer WebReg West Coast Swing Bundle Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Women’s Murder Club - Little Black Lies Women’s Murder Club Twice in a Blue Moon Yahoo! Messenger Yahoo! Toolbar Zuma’s Revenge . ==== Event Viewer Messages From Past Week ======== . 9/19/2013 9:29:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom 9/19/2013 9:24:13 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 9/19/2013 8:24:55 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831 9/12/2013 7:40:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SHAMBI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AB26A1EA-BB73-4B7E-85AA-C3A5271690EC}. The master browser is stopping or an election is being forced. . ==== End Of File ===========================
  16. First, let me thank you guys for taking the time to address my issues. @David Lipman: I did everything as illustrated in your reply. Unfortunately, the Saffire Pro40 still is not handling the internet like it should. Let's just say that the Saffire Pro40 and Youtube are not close friends at this point. I barely had room to move the firewire card to a new slot because my Radeon 4650 is in the way of one of them; and I only have three. @CWB: I agree with everything you guys are saying and I think it's time to knuckle down and tell myself that I need a dedicated rig for music. As you can see, I'm kind of a Jack-of-all-trades when it comes to my computer usage, but a dedicated system would keep down on all the downtime from errors and crashes. In the long run it would save me some money, too. So, again, I thank you for all your time and patience in addressing this post. Thank you Advanced Setup, David Lipman, and CWB. If you guys come up with anything else to try, by all means, feel free to let me know. I'm willing to resolve this if it can be resolved.
  17. I sometimes use the internet to download samples and I need my recording rig to be connected to the internet. I don't have a second rig to use for internet only. It's a Focusrite Saffire Pro40 Firewire Audio Interface connected via firewire cable to a PCI Firewire card. Focusrite Saffire Pro40 In light of your suggestion I think I need to rethink how I have my rig set up. I could use my laptop to download internet content and filter it to my desktop for further processing. That may be how I'll set up my next rig.
  18. Since your previous post I've turned the Focusrite Saffire off (the drivers and software are still installed). I've bypassed all audio to my internal sound card. The system is running fine and Youtube videos play without interuption. The problem is, this computer is used in my studio setup to produce and record music, so I need my audio interface to work. I'm thinking back to about two months ago when a static discharge (carpeted room!) caused the system to shut off completely. That may have something to do with it. But the system was stable right after that. Could it be the firewire card is malfunctioning?
  19. I did what you said: I uninstalled the software, disconnected the hardware, and the computer booted into Windows normal. I downloaded the latest software from Focusrite's web site and installed. I reconnected the hardware and everything worked fine. Then I tried to go on Youtube and the system BSoD with the same error message DRIVER_IRQL_NOT_LESS_OR_EQUAL
  20. PC issues driving me MAD!

  21. DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2 Run by Tahshambi Simmons at 19:52:54 on 2013-04-07 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2509 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: PC Tools Firewall Plus *Enabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\Grxp4exe.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Documents and Settings\Tahshambi Simmons\Local Settings\Application Data\Akamai\netsession_win.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Tahshambi Simmons\Local Settings\Application Data\Akamai\netsession_win.exe C:\Program Files\Focusrite\Saffire MixControl\SaffireCpl.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/webhp?sourceid=navclient&ie=UTF-8 mStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com mDefault_Page_URL = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com uProxyOverride = 127.0.0.1:9421;<local> uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\26.0.1410.43\npchrome_frame.dll BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\coupons.com couponbar\tbcore3.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\coupons.com couponbar\tbcore3.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [\\HOME-PC\EPSON Stylus CX9400Fax Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticfa.exe /fu "c:\docume~1\tahsha~1\locals~1\temp\E_S13.tmp" /EF "HKCU" uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [Akamai NetSession Interface] "c:\documents and settings\tahshambi simmons\local settings\application data\akamai\netsession_win.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\tahshambi simmons\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe mRun: [Gravis Xperience Driver Support] Grxp4exe.exe /init mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe mRun: [saiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe mRun: [bootSkin Startup Jobs] "d:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANwAzADkAOAA4ADcAOQA4ADcALQBUADMALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBWAE8AUAA5ACsAMQAtAEQARABUACsAMAA"&"prod=90"&"ver=9.0.894 dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\tahsha~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\tahsha~1\startm~1\programs\startup\saffir~1.lnk - c:\program files\focusrite\saffire mixcontrol\SaffireCpl.exe StartupFolder: c:\docume~1\tahsha~1\startm~1\programs\startup\taskmgr.lnk - c:\windows\system32\taskmgr.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343317476468 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax8623.cab TCP: Interfaces\{910E0252-88D3-4653-8653-46C1D5ED0CC8} : NameServer = 8.8.8.8,8.8.4.4,208.67.220.220 Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\26.0.1410.43\npchrome_frame.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\tahshambi simmons\application data\mozilla\firefox\profiles\ybavit06.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p= FF - plugin: c:\documents and settings\tahshambi simmons\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - plugin: d:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - ExtSQL: !HIDDEN! 2009-09-17 16:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-12-20 16384] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296] R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2009-9-17 11920] R1 MpKsl9c3d90f0;MpKsl9c3d90f0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d37133af-2952-4518-b2eb-e0862a5809b7}\MpKsl9c3d90f0.sys [2013-4-7 29904] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-7-29 251560] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672] R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-15 238952] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-13 682344] R2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files\m-audio\oxygen\AudioDevMon.exe [2010-3-4 1632776] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-7-29 160576] R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-7-29 286000] R2 QuattroInstallerService;Quattro Installer;c:\program files\m-audio usb quattro\install\QuatInst.exe [2009-12-13 86016] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-10-20 103040] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-15 36608] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-13 21104] R3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\drivers\MAudioOxygen.sys [2010-3-4 112136] R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-7-29 89472] R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-7-29 57536] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-7-29 125248] R3 Saffire;Saffire;c:\windows\system32\drivers\Saffire.sys [2013-3-16 168984] R3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys [2013-3-16 38168] R3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys [2013-3-16 30616] R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2011-11-1 36040] RUnknown MpKslc52ec6a9;MpKslc52ec6a9; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-12-20 107008] S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [2009-12-13 9216] S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [2009-12-13 6656] S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [2009-12-13 41856] S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\drivers\MAudioLegacyKeyboard_DFU.sys [2011-2-19 23304] S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\drivers\MAudioLegacyKeyboard.sys [2011-2-19 167304] S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-12-20 15488] S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-20 15232] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2009-9-17 266432] S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-7-29 57536] S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [2010-2-21 176640] S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-9-16 20168] S3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [2009-12-13 22368] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-1-4 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-1-4 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-1-4 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-1-4 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-1-4 25704] . =============== Created Last 30 ================ . 2013-04-07 23:40:23 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d37133af-2952-4518-b2eb-e0862a5809b7}\MpKsl9c3d90f0.sys 2013-04-07 22:11:17 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d37133af-2952-4518-b2eb-e0862a5809b7}\MpKslc52ec6a9.sys 2013-04-07 01:29:05 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d37133af-2952-4518-b2eb-e0862a5809b7}\mpengine.dll 2013-04-06 01:06:14 7108640 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-03-16 22:03:29 38168 ----a-w- c:\windows\system32\drivers\SaffireAudio.sys 2013-03-16 22:03:29 30616 ----a-w- c:\windows\system32\drivers\SaffireMidi.sys 2013-03-16 22:03:29 168984 ----a-w- c:\windows\system32\drivers\Saffire.sys 2013-03-16 22:03:26 73728 ----a-w- c:\windows\system32\Uninstall.dll 2013-03-16 20:14:47 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys 2013-03-16 20:14:47 141056 ----a-w- c:\windows\system32\drivers\ks.sys 2013-03-16 20:14:46 23552 ----a-w- c:\windows\system32\wdmaud.drv 2013-03-16 20:14:45 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys 2013-03-16 20:14:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys 2013-03-16 20:14:45 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll 2013-03-16 20:14:45 4096 ----a-w- c:\windows\system32\ksuser.dll 2013-03-16 20:14:45 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys 2013-03-16 20:14:45 146048 ----a-w- c:\windows\system32\drivers\portcls.sys 2013-03-16 20:14:45 129536 ----a-w- c:\windows\system32\ksproxy.ax 2013-03-16 20:14:44 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys 2013-03-16 20:14:44 49408 ----a-w- c:\windows\system32\drivers\stream.sys . ==================== Find3M ==================== . 2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe 2013-03-16 19:46:26 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-16 19:46:26 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-08 00:19:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-08 00:19:20 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-03-08 00:19:19 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-08 00:19:19 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-24 14:50:57 24040 ----a-w- c:\windows\TMPG001.TMP 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-20 20:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys . ============= FINISH: 19:54:11.46 =============== ATTACH: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 9/16/2009 5:20:31 PM System Uptime: 4/7/2013 7:39:36 PM (0 hours ago) . Motherboard: ECS | | A780GM-A Processor: AMD Athlon X2 240 Processor | CPU 1 | 1596/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 116 GiB total, 32.749 GiB free. D: is FIXED (NTFS) - 116 GiB total, 14.395 GiB free. E: is FIXED (NTFS) - 116 GiB total, 90.399 GiB free. F: is FIXED (NTFS) - 116 GiB total, 92.509 GiB free. G: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek PCIe GBE Family Controller Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&6647B44&0&0030 Manufacturer: Realtek Semiconductor Corp. Name: Realtek PCIe GBE Family Controller PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_81111019&REV_02\4&6647B44&0&0030 Service: RTLE8023xp . ==== System Restore Points =================== . RP149: 1/12/2013 4:47:50 PM - System Checkpoint RP150: 1/13/2013 8:40:46 PM - System Checkpoint RP151: 1/17/2013 4:49:25 PM - System Checkpoint RP152: 1/18/2013 5:49:12 PM - System Checkpoint RP153: 1/19/2013 8:51:19 PM - System Checkpoint RP154: 1/20/2013 9:23:33 PM - System Checkpoint RP155: 2/2/2013 12:34:30 PM - System Checkpoint RP156: 2/8/2013 11:38:44 AM - System Checkpoint RP157: 2/11/2013 8:49:03 PM - Software Distribution Service 3.0 RP158: 2/11/2013 9:23:33 PM - Software Distribution Service 3.0 RP159: 2/13/2013 11:37:01 AM - Software Distribution Service 3.0 RP160: 2/16/2013 9:15:50 AM - System Checkpoint RP161: 2/17/2013 2:10:54 PM - Software Distribution Service 3.0 RP162: 2/17/2013 2:21:29 PM - Removed Java 7 Update 7 RP163: 2/17/2013 2:21:51 PM - Installed Java 7 Update 13 RP164: 2/17/2013 8:58:25 PM - Software Distribution Service 3.0 RP165: 2/18/2013 12:16:36 PM - Software Distribution Service 3.0 RP166: 2/19/2013 12:12:57 PM - Software Distribution Service 3.0 RP167: 2/20/2013 1:18:50 PM - Software Distribution Service 3.0 RP168: 2/20/2013 8:43:41 PM - Software Distribution Service 3.0 RP169: 2/23/2013 10:22:59 AM - Software Distribution Service 3.0 RP170: 2/23/2013 10:48:27 AM - Removed Java 7 Update 13 RP171: 2/23/2013 10:48:47 AM - Installed Java 7 Update 15 RP172: 2/23/2013 8:41:09 PM - Software Distribution Service 3.0 RP173: 3/1/2013 9:48:16 AM - Software Distribution Service 3.0 RP174: 3/1/2013 8:45:35 PM - Software Distribution Service 3.0 RP175: 3/2/2013 9:06:29 PM - Software Distribution Service 3.0 RP176: 3/3/2013 8:52:46 PM - Software Distribution Service 3.0 RP177: 3/4/2013 9:06:43 PM - Software Distribution Service 3.0 RP178: 3/5/2013 9:01:54 AM - Software Distribution Service 3.0 RP179: 3/5/2013 9:07:00 PM - Software Distribution Service 3.0 RP180: 3/7/2013 9:51:50 AM - Software Distribution Service 3.0 RP181: 3/7/2013 7:05:03 PM - Unsigned driver install RP182: 3/7/2013 7:18:54 PM - Removed Java 7 Update 15 RP183: 3/7/2013 7:19:15 PM - Installed Java 7 Update 17 RP184: 3/8/2013 1:00:48 PM - Software Distribution Service 3.0 RP185: 3/16/2013 12:49:57 PM - Software Distribution Service 3.0 RP186: 3/16/2013 12:51:18 PM - Microsoft Antimalware Checkpoint RP187: 3/16/2013 12:59:58 PM - Installed Microsoft Fix it 50052 RP188: 3/16/2013 2:31:22 PM - Software Distribution Service 3.0 RP189: 3/16/2013 4:15:34 PM - Unsigned driver install RP190: 3/16/2013 6:04:17 PM - Unsigned driver install RP191: 3/16/2013 9:29:35 PM - Software Distribution Service 3.0 RP192: 3/17/2013 9:31:45 PM - Software Distribution Service 3.0 RP193: 3/22/2013 10:52:47 AM - Software Distribution Service 3.0 RP194: 3/22/2013 8:34:37 PM - Software Distribution Service 3.0 RP195: 3/24/2013 2:08:47 PM - Software Distribution Service 3.0 RP196: 3/24/2013 2:26:31 PM - Software Distribution Service 3.0 RP197: 3/24/2013 8:44:37 PM - Software Distribution Service 3.0 RP198: 3/30/2013 8:45:31 AM - Software Distribution Service 3.0 RP199: 3/30/2013 9:27:46 AM - Installed Microsoft Fix it 50052 RP200: 4/5/2013 12:35:46 PM - Software Distribution Service 3.0 RP201: 4/5/2013 9:06:08 PM - Software Distribution Service 3.0 RP202: 4/6/2013 2:43:06 PM - Installed QuickTime RP203: 4/6/2013 2:55:43 PM - Configured Far Cry RP204: 4/6/2013 3:05:00 PM - Removed Arcanum GOTY RP205: 4/6/2013 9:28:59 PM - Software Distribution Service 3.0 . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer 7-Zip 4.65 Acoustica Effects Pack Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS4 Adobe Premiere Pro Adobe Reader XI (11.0.02) adominizer adominizer (c:\DOS\CDrive\ADOM\) ADRIFT v4.0 Akamai NetSession Interface AMD APP SDK Runtime AMD Catalyst Install Manager Antares Auto-Tune v4.39 Apple Application Support Apple Software Update ASIO4ALL ATI Parental Control & Encoder Awakening 3 BioWare Premium Module: Neverwinter Nights Kingmaker BitTorrent BootSkin Cakewalk VST Adapter 4.4.4.0 Canon Camera Access Library Canon DIGITAL CAMERA Solution Disk Software Guide CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide Canon Utilities CameraWindow DC 8 Canon Utilities CameraWindow Launcher Canon Utilities Movie Uploader for YouTube Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities RemoteCapture 2.7 Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chantelise - Demo Chessmaster 9000 Collab Committed - Mystery at Shady Pines Cool Edit Pro 2.1 Counter-Strike Counter-Strike Steamworks Beta Coupon Printer for Windows CouponBar CPUID CPU-Z 1.52.2 D-Fend Reloaded 1.0.0 (deinstall) Day of Defeat Deathmatch Classic Dev-C++ 5 beta 9 release (4.9.9.2) Digidesign Pro Tools LE 7.1 Digidesign Shared Plug-Ins 7.0 discoDSP HighLife v1.4 DJ_AIO_05_F4400_Software_Min Doom 3 Dracula Love Kills DreamStation DXi2 Drumaxx DVD Decrypter (Remove Only) DVD43 v4.6.0 e-Sword EditPlus 3 Empire Earth ERUNT 1.1j Evernote v. 4.5.8 Far Cry (Patch 1.4) FBI Paranormal Case Final Fantasy VII - Ultima Edition FL Studio 10 FL Studio 7 FL Studio 9 Foxit Reader Free 3GP Video Converter version 5.0.0.1117 Free Bomb Factory Plug-Ins 7.0 Freedom Force - Demo GameHack 2.0 GameSpy Arcade Gemini Lost Google Chrome Google Chrome Frame Google Toolbar for Internet Explorer Google Update Helper Gravis Xperience 4.5 Grim Tales - The Bride Half-Life Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life 2: Lost Coast Half-Life: Blue Shift Half-Life: Opposing Force HM - The Forbidden City Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) House of 1000 Doors 2 HP Deskjet F4400 Printer Driver 14.0 Rel. 5 HydraVision IDT Audio IL Download Manager iLike Sidebar InterActual Player InterLok Driver Kit IP Camera Adapter Java 7 Update 17 Java Auto Updater JavaFX 2.1.1 Junk Mail filter update Learn Typing Quick & Easy M-Audio Legacy Keyboard Driver 5.0.0 (x86) M-Audio Oxygen Driver 1.3.0 (x86) Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo Majesty: Gold Edition Malwarebytes Anti-Malware version 1.70.0.1100 Mavis Beacon Teaches Typing Deluxe 17 McGill English Dictionary of Rhyme & Verse Perfect 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Age of Empires Gold Microsoft Application Error Reporting Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator 2004 A Century of Flight Microsoft Flight Simulator X Microsoft Flight Simulator X Service Pack 1 Microsoft Flight Simulator X Service Pack 2 Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Train Simulator Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 6.0 Standard Edition Microsoft XNA Framework Redistributable 4.0 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MS Access 97 SP2 MSN Music Assistant MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Mystery Valley Native Instruments B4 v1.11 Native Instruments Reaktor 2.3.3 Nero PhotoShow Elite Nero Suite Network Play System (Patching) Neverwinter Nights Neverwinter Nights 2 Noise Reduction Plug-in 2.0i ObjectDock OpenOffice.org 3.1 Opposing Force Pazera Free MP4 to AVI Converter 1.6 PC Tools Firewall Plus 7.0 PoiZone Portal PowerDVD PoxNora QuickTime Railroad Tycoon 3 REALTEK GbE & FE Ethernet PCI-E NIC Driver Reason RemoteCapture 2.7.5 Repulse rgc:audio sfz VSTi v1.96 rgcAudio Triangle I VSTi v1.1 RGSS-RTP Standard Ricochet Rogue Spear RoughDraft 3.0 Roxio Activation Module Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler 3 RPGXP Saffire MixControl 3.1 Saitek SD6 Programming Software 6.6.6.9 Sakura Samsung New PC Studio SAMSUNG USB Driver for Mobile Phones Sawer Scan Schizm - mysterious journey Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Segoe UI Sequence Sierra Utilities SimCity 3000 Unlimited Sonar Producer Edition v4.0.4 Sonic CinePlayer Decoder Pack Sonic Foundry ACID Pro 3.0 Beta Sony Sound Forge 7.0 Sony Vegas Pro 8.0 Sound Forge 5.0 Sound Forge Pro 10.0 SoundFont Librarian Source SDK Source SDK Base 2007 Special Internet Offers SpeedyPC Pro Steam Synthesia (remove only) System Requirements Lab Team Fortress 2 Team Fortress Classic The Longest Journey Demo The Print Shop Resume Pro The Sims Hot Date The Sum of All Fears Tom Clancy's Rainbow Six Toolbox Toxic Biohazard ubi.com Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VAZ Modular 2.1 WebFldrs XP WIDCOMM Bluetooth Software Windows 7 Upgrade Advisor Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Winemaker Extraordinaire WinX Free MP4 to WMV Converter 4.1.10 Xfire (remove only) Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar YAMAHA Musicsoft Downloader 5 Yamaha USB-MIDI Driver Zip Motion Block Video codec (Remove Only) . ==== Event Viewer Messages From Past Week ======== . 4/7/2013 7:42:38 PM, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 ba338d70, parameter3 00000000, parameter4 00000000. 4/6/2013 3:05:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found. 4/6/2013 1:24:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde 4/5/2013 7:19:25 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000008, parameter4 00000000. . ==== End Of File ===========================
  22. It started out very random but has gotten incresingly more frequent. SYMPTOMS: BSoD after running any extensive multimedia programs (Music, Games, Youtube Videos, etc.) BSoD: DRIVER_IRQ_NOT_LESS_OR_EQUAL MS Knowledge Base says the cause is a USB driver and offers a Fix, but the Fix does nothing Reboot computer and it hangs just after the POST (just before WinXP LogIn Screen shows up) My work-around has been to turn off all external USB devices and see what is causing the hang-up. To my suprise I noticed that if I turn off my Focusrite Firewire Audio Interface before booting up the computer it starts up fine. I'm under the impression that this error has something to do with my firewire card and my audio interface. Also noticed while watching Youtube videos, scrolling the screen while the video is playing causes the audio to become garbled and out of sync with the video. This also happens if audio is playing (WMP) while browsing the web. My interface has a light on the front that indicates when the firewire is connected. It periodicly blinks when audio is out of sync. I haven't changed my setup for a long time so everything is as it has always been and it all worked fine. Please, any assistance in this matter would be great Thank you in advance.
  23. AdwCleaner Log: # AdwCleaner v2.115 - Logfile created 03/25/2013 at 21:46:08 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Katie - KATIE-PC # Boot Mode : Normal # Running from : C:\Users\Katie\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com Folder Deleted : C:\Program Files (x86)\GamesBar Folder Deleted : C:\Program Files (x86)\iMesh Applications\Mediabar Folder Deleted : C:\Program Files (x86)\Surf Canyon Folder Deleted : C:\Program Files (x86)\Yontoo Layers Client Folder Deleted : C:\ProgramData\GamesBar Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Katie\AppData\Local\APN Folder Deleted : C:\Users\Katie\AppData\Local\PackageAware Folder Deleted : C:\Users\Katie\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Katie\AppData\LocalLow\imeshbandmltbpi Folder Deleted : C:\Users\Katie\AppData\LocalLow\mediabarim Folder Deleted : C:\Users\Katie\AppData\LocalLow\ShoppingReport2 Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2 Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Surf Canyon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F} Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1 Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.JSOptionsImpl Key Deleted : HKLM\SOFTWARE\Classes\FCSB000062035.JSOptionsImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1 Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1 Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\GamesBarSetup Key Deleted : HKLM\Software\InstallCore Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Registry is clean. -\\ Google Chrome v25.0.1364.172 File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [22874 octets] - [24/03/2013 21:04:21] AdwCleaner[s1].txt - [23246 octets] - [25/03/2013 21:46:08] ########## EOF - C:\AdwCleaner[s1].txt - [23307 octets] ########## SecurityCheck log: Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 7 Update 17 Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` I don't get home from work till late tomorrow (TUE) night but i'll try keep up with your replies. Thank you so much for your time and effort.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.