
DClogs keeps coming back, keyboard is messed up



Hello,

 

I've recently started to have bugs with my keyboard. When I want to type an accent (I'm French) or any special character with a letter, it doesn't work. I won't get too into the details of how it doesn't work, it's not relevant to my topic. Anyway, I scanned my computer multiple times today with Malwarebytes and even if I delete all the "bad" files, they keep creating themselves when I restart the computer. I know this virus steals my personal information, and I obviously don't want that. It wouldn't be so bad if it didn't keep messing up my keyboard, too.

 

Can somebody help me?


Hello and welcome to Malwarebytes,

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Follow the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

 

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

In most cases, a restart will be required.

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

 

Select "Copy to clipboard". That copies the full log to the Windows clipboard, so in your reply you can right-click into the text field and select "Paste"; the log is pasted (copied) into your reply.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 


  •  Double-click to run it. When the tool opens, click Yes to the disclaimer.
  •  Press the Scan button.
  •  It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  •  The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

 

Let me see those logs in your reply...

 

Thank you,

 

Kevin..


Here is the Malwarebytes scan log:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2015-03-22

Scan Time: 15:43:15

Logfile: 

Administrator: Yes

 

Version: 2.01.4.1018

Malware Database: v2015.03.22.06

Rootkit Database: v2015.02.25.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Charlotte

 

Scan Type: Custom Scan

Result: Cancelled

Objects Scanned: 228060

Time Elapsed: 1 hr, 19 min, 53 sec

 

Memory: Disabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.Babylon.A, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [f39b4efa068464d24b1d3beba55e23dd], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll, Quarantined, [622c58f0820852e4234d4ecb18ee7c84], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

And here is the Farbar scan log:

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Charlotte (administrator) on CHARLOTTE-PC on 22-03-2015 17:31:03

Running from C:\Users\Charlotte\Desktop

Loaded Profiles: Charlotte (Available profiles: Charlotte & Jeff & DefaultAppPool)

Platform: Windows 8.1 Pro (X64) OS Language: Français (France)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(Dropbox, Inc.) C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-09] (Realtek Semiconductor)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-25] (FUJITSU LIMITED)

HKLM\...\Run: [FJUPDNV_Chitose] => C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe [157184 2010-01-12] (FUJITSU LIMITED)

HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)

HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)

HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)

HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [200552 2011-01-12] (FUJITSU LIMITED)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-12-08] (cyberlink)

HKLM-x32\...\Run: [EasyDownloads] => C:\Program Files (x86)\Easy downloads\easydownloads.exe [854040 2011-10-20] (http://izloader.com/)

HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-03-05] (CyberLink)

HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-03-05] (CyberLink Corp.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Facebook Update] => C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-21] (Facebook Inc.)

HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe"

HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [DrvUpdater] => C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exe

HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)

Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk

ShortcutTarget: Acrobat.lnk -> C:\Users\Charlotte\AppData\Roaming\ACRV1.exe ()

Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.com

URLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File

URLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - (No Name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No File

SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 


SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {58427BD9-BA45-4253-A902-2B090BA7BF59} URL = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0

SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-06] (Oracle Corporation)

BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: CrowdStar Gamebar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File

BHO-x32: 4Loot Toolbar BHO -> {D990D1E0-38E7-4E3C-943B-231D1D228497} -> C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No File

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-06] (Oracle Corporation)

Toolbar: HKLM-x32 - 4Loot Toolbar - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No File

Toolbar: HKLM-x32 - CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File

Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {03A17412-05A4-4F78-91B9-9907C460DC2B} -  No File

Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-09-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-06] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File

FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks)

FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-10-16]

FF HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

StartMenuInternet: FIREFOX.EXE - firefox.exe

 

Chrome: 

=======


CHR StartupUrls: Default -> "https://www.facebook.com/","hxxp://www.youtube.com/?gl=FR&hl=fr", "hxxp://www.tumblr.com/"

CHR Profile: C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YTBiookMMArk) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd [2014-01-05]

CHR Extension: (AdBlock) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-10]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]

CHR Extension: (Google Wallet) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR HKLM-x32\...\Chrome\Extension: [kolgnaidildmdbfgdnoapjdianbpajne] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [Not Found]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-04] (CyberLink)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-04-18] (Microsoft Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-14] (Electronic Arts)

R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

R2 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED) [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-18] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274432 2010-10-19] (Intel Corporation) [File not signed]

R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)

R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)

S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2010-11-04] (Intel Corporation) [File not signed]

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-22] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-04-18] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

U3 idsvc; No ImagePath

S1 MpKsl145a53ff; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BFDA7FD-ED32-46F4-80EF-06485EE7D967}\MpKsl145a53ff.sys [X]

S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-22 17:24 - 2015-03-22 17:24 - 00000760 _____ () C:\Users\Charlotte\Desktop\Addition.txt

2015-03-22 17:22 - 2015-03-22 17:31 - 00023326 _____ () C:\Users\Charlotte\Desktop\FRST.txt

2015-03-22 17:21 - 2015-03-22 17:31 - 00000000 ____D () C:\FRST

2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Downloads\FRST64.exe

2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Desktop\FRST64.exe

2015-03-22 16:46 - 2015-03-22 16:46 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0}

2015-03-22 16:40 - 2015-03-22 16:40 - 02241760 _____ (www.PCFixKit.com ) C:\Users\Charlotte\Downloads\PCFixKit_Setup.exe

2015-03-22 16:21 - 2015-03-22 16:47 - 00208518 _____ () C:\Users\Charlotte\Desktop\OTL.Txt

2015-03-22 16:16 - 2015-03-22 16:16 - 00000000 ____D () C:\Spacekace

2015-03-22 16:01 - 2015-03-22 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD}

2015-03-22 15:55 - 2015-03-22 16:29 - 00000512 _____ () C:\PhysicalMBR.bin

2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Downloads\OTL.exe

2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Desktop\OTL.exe

2015-03-22 10:07 - 2015-03-22 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-03-22 10:03 - 2015-03-22 10:03 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-22 10:03 - 2015-03-22 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-22 10:02 - 2015-03-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-22 10:02 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-03-22 10:02 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-03-22 10:02 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-03-22 10:01 - 2015-03-22 10:02 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018 (1).exe

2015-03-22 10:01 - 2015-03-22 10:01 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-22 09:59 - 2015-03-22 09:59 - 00001093 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\VS Revo Group

2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\VS Revo Group

2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Program Files\VS Revo Group

2015-03-22 09:59 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys

2015-03-22 09:58 - 2015-03-22 09:59 - 10801480 _____ (VS Revo Group ) C:\Users\Charlotte\Downloads\RevoUninProSetup.exe

2015-03-22 09:58 - 2015-03-22 09:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Charlotte\Downloads\revosetup.exe

2015-03-22 09:53 - 2015-03-22 09:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0}

2015-03-21 17:53 - 2015-03-21 17:53 - 00347816 _____ (Microsoft Corporation) C:\Users\Charlotte\Downloads\MicrosoftFixit.Devices.Run.exe

2015-03-21 16:01 - 2015-03-21 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA}

2015-03-21 12:01 - 2015-03-21 12:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41}

2015-03-20 11:40 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E}

2015-03-16 23:17 - 2015-03-16 23:17 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7}

2015-03-16 08:50 - 2015-03-16 08:50 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C}

2015-03-16 08:07 - 2015-03-16 08:07 - 01987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe

2015-03-15 23:29 - 2015-03-15 23:29 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C}

2015-03-15 11:34 - 2015-03-15 11:34 - 00001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat

2015-03-15 11:10 - 2015-03-15 11:21 - 00000000 ____D () C:\Users\Charlotte\Downloads\The Sims 4 Outdoor-Retreat Incl. Update 8 MULTi2

2015-03-15 11:09 - 2015-03-15 11:09 - 00014343 _____ () C:\Users\Charlotte\Downloads\TheSims4Outdoor-RetreatIncl.Update8MULTi2 - ThePirateBay.TO.torrent

2015-03-15 10:33 - 2015-03-15 10:33 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99}

2015-03-14 17:12 - 2015-03-14 17:12 - 17598137 _____ () C:\Users\Charlotte\Downloads\1279314.zip

2015-03-14 17:11 - 2015-03-14 17:11 - 00225535 _____ () C:\Users\Charlotte\Downloads\Flamingo@BrandonTR.zip

2015-03-14 13:06 - 2015-03-14 13:06 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635}

2015-03-12 23:39 - 2015-03-12 23:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E}

2015-03-12 07:36 - 2015-03-12 07:36 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890}

2015-03-11 19:13 - 2015-03-11 19:13 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B}

2015-03-11 08:39 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-03-11 08:39 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-03-11 08:39 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-03-11 08:39 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2015-03-11 08:39 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2015-03-11 08:39 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2015-03-11 08:39 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2015-03-11 08:39 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2015-03-11 08:39 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2015-03-11 08:39 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2015-03-11 08:39 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2015-03-11 08:39 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2015-03-11 08:39 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-03-11 08:39 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-03-11 08:39 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll

2015-03-11 08:39 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll

2015-03-11 08:39 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2015-03-11 08:39 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2015-03-11 08:39 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe

2015-03-11 08:39 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe

2015-03-11 08:39 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2015-03-11 08:39 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2015-03-11 08:39 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll

2015-03-11 08:39 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2015-03-11 08:39 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll

2015-03-11 08:39 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe

2015-03-11 08:39 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2015-03-11 08:39 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll

2015-03-11 08:39 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

2015-03-11 08:39 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2015-03-11 08:39 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll

2015-03-11 08:39 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe

2015-03-11 08:39 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll

2015-03-11 08:39 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2015-03-11 08:39 - 2014-10-28 21:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll

2015-03-11 08:39 - 2014-10-28 21:45 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll

2015-03-11 08:39 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll

2015-03-11 08:39 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll

2015-03-11 08:39 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2015-03-11 08:39 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll

2015-03-11 08:39 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll

2015-03-11 08:39 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll

2015-03-11 08:39 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll

2015-03-11 08:39 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll

2015-03-11 08:38 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-03-11 08:38 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-03-11 08:38 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-03-11 08:38 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-03-11 08:38 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-03-11 08:38 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-03-11 08:38 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2015-03-11 08:38 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2015-03-11 08:38 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2015-03-11 08:38 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2015-03-11 08:38 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2015-03-11 08:38 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2015-03-11 08:38 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys

2015-03-11 08:38 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll

2015-03-11 08:38 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll

2015-03-11 08:38 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll

2015-03-11 08:38 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll

2015-03-11 08:38 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll

2015-03-11 08:38 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll

2015-03-11 08:38 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll

2015-03-11 08:38 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll

2015-03-11 08:38 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll

2015-03-11 08:38 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll

2015-03-11 08:38 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll

2015-03-11 08:38 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll

2015-03-11 08:38 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll

2015-03-11 08:38 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-11 08:38 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-03-11 08:38 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2015-03-11 08:38 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2015-03-11 08:38 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2015-03-11 08:38 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2015-03-11 08:38 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-03-11 08:38 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-03-11 08:38 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-03-11 08:38 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll

2015-03-11 08:38 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll

2015-03-11 08:38 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2015-03-11 08:38 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2015-03-11 08:38 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys

2015-03-11 08:38 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll

2015-03-11 08:38 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe

2015-03-11 08:38 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe

2015-03-11 08:38 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll

2015-03-11 08:38 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll

2015-03-11 08:38 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2015-03-11 08:38 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll

2015-03-11 08:38 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2015-03-11 08:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2015-03-11 08:37 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-03-11 08:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-03-11 08:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2015-03-11 08:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-03-11 08:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-03-11 08:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-03-11 08:37 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-03-11 08:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2015-03-11 08:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-03-11 08:37 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2015-03-11 08:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-03-11 08:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2015-03-11 08:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-03-11 08:37 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-03-11 08:37 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-03-11 08:37 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-03-11 08:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-03-11 08:37 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-03-11 08:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-03-11 08:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-03-11 08:37 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-03-11 08:37 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-03-11 08:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-03-11 08:37 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-03-11 08:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-03-11 08:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-03-11 08:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-03-11 08:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-03-11 08:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-03-11 08:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-03-11 08:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-03-11 08:37 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-03-11 08:37 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-03-11 08:37 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2015-03-11 08:37 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2015-03-11 08:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-03-11 08:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-03-11 08:37 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2015-03-11 08:37 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2015-03-11 08:37 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2015-03-11 08:37 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2015-03-11 08:37 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2015-03-11 08:37 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2015-03-11 08:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe

2015-03-11 08:31 - 2015-03-11 08:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198}

2015-03-09 09:20 - 2015-03-09 09:20 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6}

2015-03-08 09:22 - 2015-03-08 09:22 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE}

2015-02-26 18:59 - 2015-02-26 18:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745}

2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls

2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls

2015-02-25 08:52 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2015-02-25 08:52 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll

2015-02-25 08:52 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2015-02-25 08:52 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

2015-02-23 23:21 - 2015-02-23 23:21 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC}

2015-02-22 14:01 - 2015-02-22 14:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31}

2015-02-21 23:23 - 2015-02-21 23:23 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF}

2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8}

2015-02-20 09:55 - 2015-02-20 09:55 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{63792A84-F79D-4F04-8819-C86EE324A427}

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-22 17:24 - 2014-04-18 09:07 - 01931759 _____ () C:\WINDOWS\WindowsUpdate.log

2015-03-22 17:16 - 2011-07-07 13:54 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-22 17:10 - 2012-12-23 14:17 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-575980163-2068655675-1454019340-1000

2015-03-22 17:06 - 2013-03-17 13:54 - 00000000 ___RD () C:\Users\Charlotte\Dropbox

2015-03-22 17:06 - 2013-03-17 13:52 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Dropbox

2015-03-22 17:05 - 2014-08-14 00:53 - 00000392 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job

2015-03-22 17:05 - 2014-04-18 09:40 - 00000000 ___DO () C:\Users\Charlotte\OneDrive

2015-03-22 17:05 - 2011-07-07 13:54 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-22 17:04 - 2014-06-09 16:33 - 00008135 _____ () C:\WINDOWS\setupact.log

2015-03-22 17:04 - 2014-03-17 21:51 - 00310348 _____ () C:\WINDOWS\PFRO.log

2015-03-22 17:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization

2015-03-22 17:04 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-03-22 17:03 - 2012-09-19 22:39 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5

2015-03-22 17:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-03-22 16:59 - 2012-09-23 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-03-22 16:45 - 2012-08-11 02:18 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-03-22 16:14 - 2012-12-13 23:04 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job

2015-03-22 15:50 - 2011-08-20 00:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-22 15:50 - 2011-08-14 16:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Mozilla

2015-03-22 15:20 - 2014-05-04 15:10 - 00003968 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}

2015-03-22 15:15 - 2015-01-17 15:20 - 00000000 ____D () C:\Users\Jeff\AppData\Local\ICSharpCode.net

2015-03-22 15:15 - 2015-01-09 20:58 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\ICSharpCode.net

2015-03-22 15:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2015-03-22 15:15 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-03-22 10:59 - 2012-06-20 21:51 - 00000000 ____D () C:\WINDOWS\en

2015-03-22 09:29 - 2015-01-09 21:29 - 00000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG

2015-03-21 22:14 - 2012-12-13 23:04 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job

2015-03-21 13:04 - 2011-07-07 15:52 - 00000000 ____D () C:\Users\Charlotte\Documents\Youcam

2015-03-19 22:17 - 2013-06-03 22:42 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-03-19 17:00 - 2014-03-18 06:06 - 02107562 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-03-19 17:00 - 2014-03-18 05:26 - 00920524 _____ () C:\WINDOWS\system32\perfh00C.dat

2015-03-19 17:00 - 2014-03-18 05:26 - 00202238 _____ () C:\WINDOWS\system32\perfc00C.dat

2015-03-15 11:35 - 2011-07-07 20:41 - 00000000 ____D () C:\ProgramData\Origin

2015-03-14 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-03-14 13:56 - 2014-12-06 10:51 - 00001362 _____ () C:\Users\Public\Desktop\Les Sims 4.lnk

2015-03-14 13:56 - 2014-10-06 19:44 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-14 13:51 - 2011-07-07 20:40 - 00000000 ____D () C:\Program Files (x86)\Origin

2015-03-12 08:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-03-12 07:12 - 2012-05-28 16:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\vlc

2015-03-12 07:07 - 2013-08-22 10:44 - 00518008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-03-11 09:31 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-03-11 09:29 - 2011-12-04 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-11 09:22 - 2013-08-08 18:50 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-03-11 09:14 - 2011-07-07 15:07 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-03-11 09:06 - 2009-07-13 22:34 - 00000478 _____ () C:\WINDOWS\win.ini

2015-03-11 08:31 - 2013-03-17 13:54 - 00001083 _____ () C:\Users\Charlotte\Desktop\Dropbox.lnk

2015-03-11 08:31 - 2013-03-17 13:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-03-04 17:24 - 2015-01-07 16:42 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-03-04 17:24 - 2015-01-07 16:42 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2015-02-24 20:47 - 2014-01-29 22:47 - 00000000 ____D () C:\Users\Charlotte\Documents\Docs

 

==================== Files in the root of some directories =======

 

2015-03-16 08:07 - 2015-03-16 08:07 - 1987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe

2011-08-21 19:52 - 2011-08-21 19:52 - 0000000 _____ () C:\Users\Charlotte\AppData\Roaming\chrtmp

2011-12-04 16:20 - 2013-03-31 21:49 - 0000129 _____ () C:\Users\Charlotte\AppData\Roaming\D2Info0

2011-12-07 18:38 - 2013-03-31 22:24 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_1

2011-12-04 16:20 - 2013-03-03 22:11 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_2

2015-01-09 21:29 - 2015-03-22 09:29 - 0000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG

2015-03-15 11:34 - 2015-03-15 11:34 - 0001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat

2013-06-03 22:28 - 2013-06-03 22:28 - 0134934 _____ () C:\Users\Charlotte\AppData\Local\ars.cache

2012-06-16 10:04 - 2013-01-09 20:08 - 0005632 _____ () C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-06-03 22:11 - 2013-06-03 22:11 - 0000036 _____ () C:\Users\Charlotte\AppData\Local\housecall.guid.cache

2011-07-07 13:57 - 2011-07-07 13:58 - 0032899 _____ () C:\Users\Charlotte\AppData\Local\IWDAudHelper.20110707.135742.txt

2011-07-07 13:57 - 2011-07-07 13:57 - 0000661 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135727.txt

2011-07-07 13:57 - 2011-07-07 13:57 - 0001578 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135730.txt

2011-07-07 13:57 - 2011-07-07 13:57 - 0001227 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135735.txt

2013-06-03 22:46 - 2013-06-10 12:24 - 0007654 _____ () C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg

2013-04-26 06:59 - 2013-04-26 06:59 - 0000001 _____ () C:\Users\Charlotte\AppData\Local\socialextraschrome.dat

2013-06-03 22:29 - 2013-06-03 22:29 - 0180459 _____ () C:\ProgramData\1370312308.bdinstall.bin

2013-06-03 22:39 - 2013-06-03 22:39 - 0022725 _____ () C:\ProgramData\1370313570.bdinstall.bin

2013-06-03 22:40 - 2013-06-03 22:40 - 0076924 _____ () C:\ProgramData\1370313573.bdinstall.bin

 

Some content of TEMP:

====================

C:\Users\Charlotte\AppData\Local\Temp\CloudBackup8805.exe

C:\Users\Charlotte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbyl06.dll

C:\Users\Charlotte\AppData\Local\Temp\Uninstall.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-03-22 11:10

 

==================== End Of Log ============================

 

Here is the Additions scan log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Charlotte at 2015-03-22 17:24:43

Running from C:\Users\Charlotte\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


The secondary log from FRST, "Addition.txt", is not complete. Can you post the full log?

 

Next,

 

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Users\Charlotte\AppData\Roaming\ACRV1.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 

Thanks,

 

Kevin


I re-did a scan with Malwarebytes, because in the last ones the problematic files were absent, so there you go:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-03-22
Scan Time: 17:58:14
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.22.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Charlotte
 
Scan Type: Custom Scan
Result: Cancelled
Objects Scanned: 411700
Time Elapsed: 9 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\DC3_FEXEC, Quarantined, [4a44a2a6a3e71c1ac0672f7734d0ce32], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs, Quarantined, [c4ca0f396822290d447fb123b45033cd], 
 
Files: 2
Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\2015-03-22-1.dc, Quarantined, [c4ca0f396822290d447fb123b45033cd], 
Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\desktop.ini, Quarantined, [c4ca0f396822290d447fb123b45033cd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
This is the Addition.txt file in its entirety; I didn't modify it:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Charlotte at 2015-03-22 17:24:43
Running from C:\Users\Charlotte\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
This is the VirusTotal scan result:
 
Copyright
Copyright © 2014
Product Patch
Original name patch.exe
Internal name patch.exe
File version 1.0.0.5
Description patch
 PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-08 20:12:52
Entry Point 0x001CD45E
Number of sections 4
 PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 8192 1881188 1881600 7.33 8babe58287932e22084c9b73a05212a3
.sdata 1892352 312 512 1.77 466b31c3a5dc7cb69b70ae0326ae3805
.rsrc 1900544 103848 103936 4.36 fc3a80205c9c6bdf04e02e9bdd981b72
.reloc 2007040 12 512 0.10 e8962f6482908ef00e263f29eb203992
 PE imports
 Number of PE resources by type
RT_ICON 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
 Number of PE resources by language
NEUTRAL 8
 ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.5
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 104960
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 2014
FileVersion 1.0.0.5
TimeStamp 2015:02:08 21:12:52+01:00
FileType Win32 EXE
PEType PE32
InternalName patch.exe
ProductVersion 1.0.0.5
FileDescription patch
OSVersion 4.0
OriginalFilename patch.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1881600
ProductName Patch
ProductVersionNumber 1.0.0.5
EntryPoint 0x1cd45e
ObjectFileType Executable application
AssemblyVersion 1.0.0.5
 
Link to post
Share on other sites

This is strange, the secondary log is not complete, approx. 75% of the log is missing, and it is difficult for me to assess your system with only partial logs... Also, the VirusTotal log is not correct, I see no result?

 

I'm not sure if OTL will work on Windows 8 but I guess we must try to get the information I need...

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)

 


  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Close out all browsers and turn off Security.
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Next,

 

1. Go here: http://virusscan.jotti.org/ to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\Users\Charlotte\AppData\Roaming\ACRV1.exe

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Thanks,

 

Kevin


 

Link to post
Share on other sites

Here is the OTL.txt:

 

OTL logfile created on: 2015-03-22 19:25:12 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Charlotte\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
 
3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free
7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFS
Drive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe
PRC - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015-03-17 06:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015-03-14 06:12:39 | 000,809,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015-03-04 18:27:30 | 042,560,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2015-02-03 20:11:22 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-05-27 00:39:13 | 000,056,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
PRC - [2011-03-05 02:49:24 | 000,228,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
PRC - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010-12-08 23:36:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010-09-29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015-03-22 18:22:53 | 000,043,008 | ---- | M] () -- c:\users\charlo~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamtqb_.dll
MOD - [2015-03-14 06:12:35 | 009,278,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
MOD - [2015-03-14 06:12:30 | 001,174,856 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
MOD - [2015-03-14 06:12:28 | 000,080,200 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
MOD - [2015-03-04 18:08:06 | 000,865,280 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2015-03-04 18:08:06 | 000,750,080 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2015-03-04 18:08:06 | 000,047,616 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2015-03-04 18:07:48 | 000,200,704 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014-07-31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-07-31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013-09-05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015-02-03 19:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015-02-03 19:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-12-05 21:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-10-31 00:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014-08-15 20:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014-08-15 20:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-07-24 03:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-04-18 03:49:43 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-04-18 03:49:43 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-04-18 03:45:07 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014-04-18 03:45:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2014-03-18 06:14:12 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-03-18 06:14:12 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014-03-18 06:14:03 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-03-18 06:14:01 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-03-18 06:14:00 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-03-18 06:13:56 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-03-18 05:41:40 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014-03-18 05:41:39 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014-03-14 02:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2010-09-22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-06-17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009-09-30 02:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015-03-14 13:50:54 | 001,910,640 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015-02-04 14:44:15 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015-01-23 18:33:44 | 000,834,752 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2014-04-18 03:45:06 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014-04-18 03:45:04 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014-03-14 02:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-01-29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-11-04 12:42:12 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015-02-03 19:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015-02-03 19:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015-02-03 19:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-12-11 20:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014-10-28 23:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014-10-12 22:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-10-12 22:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-10-12 22:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014-08-14 20:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-07-28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014-07-24 11:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-07-24 11:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-07-24 07:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014-05-01 09:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-04-18 03:49:46 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-04-18 03:49:44 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-04-18 03:49:43 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-04-18 03:45:10 | 000,173,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2014-03-18 06:14:02 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-03-18 06:13:57 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-03-18 06:13:39 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014-03-18 06:13:37 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-03-18 06:13:37 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-03-18 06:13:37 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-03-18 06:13:37 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014-03-18 06:13:37 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-03-18 05:41:42 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014-03-18 05:41:31 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014-03-18 05:41:31 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014-03-18 05:41:31 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014-03-18 05:41:31 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014-03-18 05:41:31 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014-01-29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-25 15:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013-06-18 10:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012-08-21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011-01-15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011-01-12 04:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-11-04 03:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010-10-19 18:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010-10-19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-05-06 22:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-03-19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-12-30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009-11-19 08:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2006-11-01 06:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006-11-01 06:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.com
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{58427BD9-BA45-4253-A902-2B090BA7BF59}: "URL" = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_frCA439
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
 
[2015-03-22 15:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-02-16 21:48:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd\1.1\
CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\
CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
 
O1 HOSTS File: ([2013-08-22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (4Loot Toolbar BHO) - {D990D1E0-38E7-4E3C-943B-231D1D228497} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not found
O3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy downloads\easydownloads.exe (http://izloader.com/)
O4 - HKLM..\Run: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Akamai NetSession Interface] "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [DrvUpdater] C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exe File not found
O4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Facebook Update] C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk = C:\Users\Charlotte\AppData\Roaming\ACRV1.exe ()
O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55D9F19-96A0-47EA-A4B1-D6B37520D5B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6BBD6B3-64F8-434D-9C47-0163038DFC59}: DhcpNameServer = 10.141.1.10 10.141.129.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015-03-22 19:23:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe
[2015-03-22 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\dclogs
[2015-03-22 17:21:27 | 000,000,000 | ---D | C] -- C:\FRST
[2015-03-22 17:21:10 | 002,095,616 | ---- | C] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe
[2015-03-22 16:46:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0}
[2015-03-22 16:16:03 | 000,000,000 | ---D | C] -- C:\Spacekace
[2015-03-22 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD}
[2015-03-22 10:07:23 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015-03-22 10:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015-03-22 10:02:49 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015-03-22 10:02:49 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015-03-22 10:02:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015-03-22 10:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015-03-22 09:59:59 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\VS Revo Group
[2015-03-22 09:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2015-03-22 09:59:49 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\WINDOWS\SysNative\drivers\revoflt.sys
[2015-03-22 09:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2015-03-22 09:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2015-03-22 09:53:39 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0}
[2015-03-21 16:01:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA}
[2015-03-21 12:01:41 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41}
[2015-03-20 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E}
[2015-03-16 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7}
[2015-03-16 08:50:54 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C}
[2015-03-15 23:29:30 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C}
[2015-03-15 10:33:45 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99}
[2015-03-14 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635}
[2015-03-12 23:39:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E}
[2015-03-12 07:36:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890}
[2015-03-11 19:13:35 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B}
[2015-03-11 08:39:46 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll
[2015-03-11 08:39:46 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll
[2015-03-11 08:39:39 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015-03-11 08:39:38 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015-03-11 08:39:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll
[2015-03-11 08:39:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll
[2015-03-11 08:39:38 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015-03-11 08:39:38 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015-03-11 08:39:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll
[2015-03-11 08:39:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll
[2015-03-11 08:39:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\photowiz.dll
[2015-03-11 08:39:36 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\photowiz.dll
[2015-03-11 08:39:25 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015-03-11 08:39:25 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll
[2015-03-11 08:39:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pmcsnap.dll
[2015-03-11 08:39:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015-03-11 08:39:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015-03-11 08:39:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DafPrintProvider.dll
[2015-03-11 08:39:24 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DafPrintProvider.dll
[2015-03-11 08:39:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll
[2015-03-11 08:39:23 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\compstui.dll
[2015-03-11 08:39:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ppcsnap.dll
[2015-03-11 08:39:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\prnntfy.dll
[2015-03-11 08:39:23 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\prnntfy.dll
[2015-03-11 08:39:23 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiapi.dll
[2015-03-11 08:39:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiapi.dll
[2015-03-11 08:39:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\findnetprinters.dll
[2015-03-11 08:39:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\findnetprinters.dll
[2015-03-11 08:39:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\printui.exe
[2015-03-11 08:39:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\printui.exe
[2015-03-11 08:39:18 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015-03-11 08:39:17 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015-03-11 08:39:16 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\calc.exe
[2015-03-11 08:39:16 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe
[2015-03-11 08:39:12 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2015-03-11 08:39:12 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2015-03-11 08:39:11 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys
[2015-03-11 08:39:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winshfhc.dll
[2015-03-11 08:39:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winshfhc.dll
[2015-03-11 08:38:30 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2015-03-11 08:38:30 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2015-03-11 08:38:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rfxvmt.dll
[2015-03-11 08:38:30 | 000,027,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys
[2015-03-11 08:38:27 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2015-03-11 08:38:19 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015-03-11 08:38:19 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015-03-11 08:38:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StorageContextHandler.dll
[2015-03-11 08:38:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StorageContextHandler.dll
[2015-03-11 08:38:18 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015-03-11 08:38:18 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015-03-11 08:38:17 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2015-03-11 08:38:17 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2015-03-11 08:38:17 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015-03-11 08:38:17 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015-03-11 08:38:17 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015-03-11 08:38:17 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015-03-11 08:38:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe
[2015-03-11 08:38:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe
[2015-03-11 08:38:16 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015-03-11 08:38:16 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015-03-11 08:38:15 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2015-03-11 08:38:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\atlthunk.dll
[2015-03-11 08:38:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\atlthunk.dll
[2015-03-11 08:38:14 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2015-03-11 08:38:14 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42u.dll
[2015-03-11 08:38:14 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42.dll
[2015-03-11 08:38:14 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42u.dll
[2015-03-11 08:38:14 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42.dll
[2015-03-11 08:38:12 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll
[2015-03-11 08:38:12 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll
[2015-03-11 08:38:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll
[2015-03-11 08:38:12 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll
[2015-03-11 08:38:12 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll
[2015-03-11 08:38:12 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll
[2015-03-11 08:38:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll
[2015-03-11 08:38:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll
[2015-03-11 08:38:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappprxy.dll
[2015-03-11 08:38:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappprxy.dll
[2015-03-11 08:38:05 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015-03-11 08:37:56 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015-03-11 08:37:56 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015-03-11 08:37:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015-03-11 08:37:55 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015-03-11 08:37:55 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015-03-11 08:37:55 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015-03-11 08:37:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015-03-11 08:37:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015-03-11 08:37:55 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015-03-11 08:37:55 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015-03-11 08:37:55 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015-03-11 08:37:55 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015-03-11 08:37:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015-03-11 08:37:55 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015-03-11 08:37:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015-03-11 08:37:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015-03-11 08:37:54 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015-03-11 08:37:50 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2015-03-11 08:37:50 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockScreenContentServer.exe
[2015-03-11 08:37:43 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015-03-11 08:37:43 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015-03-11 08:37:43 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2015-03-11 08:37:43 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2015-03-11 08:37:43 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll
[2015-03-11 08:37:43 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll
[2015-03-11 08:37:42 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2015-03-11 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198}
[2015-03-09 09:20:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6}
[2015-03-08 09:22:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE}
[2015-02-26 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745}
[2015-02-25 08:52:08 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2015-02-25 08:52:07 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2015-02-25 08:52:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll
[2015-02-25 08:52:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll
[2015-02-23 23:21:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC}
[2015-02-22 14:01:08 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31}
[2015-02-21 23:23:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF}
[2015-02-21 11:15:29 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8}
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe
[2015-03-22 19:16:44 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015-03-22 19:16:44 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015-03-22 19:14:34 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job
[2015-03-22 18:44:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015-03-22 18:23:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015-03-22 18:22:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\DriverToolkit Autorun.job
[2015-03-22 18:21:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015-03-22 18:21:19 | 3152,502,784 | -HS- | M] () -- C:\hiberfil.sys
[2015-03-22 18:18:01 | 020,316,760 | ---- | M] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe
[2015-03-22 17:21:04 | 002,095,616 | ---- | M] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe
[2015-03-22 16:29:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015-03-22 10:03:03 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015-03-22 09:29:02 | 000,000,093 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG
[2015-03-21 22:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job
[2015-03-19 22:17:48 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015-03-19 17:00:44 | 002,107,562 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-03-19 17:00:44 | 000,920,524 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2015-03-19 17:00:44 | 000,816,048 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015-03-19 17:00:44 | 000,202,238 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2015-03-19 17:00:44 | 000,169,052 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015-03-17 08:16:11 | 000,000,847 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk
[2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2015-03-17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2015-03-16 08:07:21 | 001,987,585 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe
[2015-03-15 11:34:06 | 000,001,250 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat
[2015-03-14 13:56:10 | 000,001,362 | ---- | M] () -- C:\Users\Public\Desktop\Les Sims 4.lnk
[2015-03-12 07:07:21 | 000,518,008 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015-03-11 08:31:25 | 000,001,201 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015-03-11 08:31:19 | 000,001,083 | ---- | M] () -- C:\Users\Charlotte\Desktop\Dropbox.lnk
[2015-03-04 17:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015-03-04 17:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015-02-20 20:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015-02-20 19:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015-03-22 18:18:05 | 020,316,760 | ---- | C] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe
[2015-03-22 15:55:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015-03-22 10:03:03 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015-03-16 08:07:23 | 000,000,847 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk
[2015-03-16 08:07:20 | 001,987,585 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe
[2015-03-15 11:34:06 | 000,001,250 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat
[2015-03-11 08:38:33 | 000,396,419 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015-01-09 21:29:03 | 000,000,093 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG
[2014-07-02 19:50:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll
[2014-07-01 19:46:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll
[2014-07-01 19:46:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll
[2014-07-01 19:46:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll
[2014-04-18 08:57:20 | 002,039,104 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-03-18 06:14:16 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 06:13:41 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-01-29 23:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014-01-29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014-01-29 23:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013-11-05 22:03:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2170W.DAT
[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-06-03 22:46:43 | 000,007,654 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg
[2013-06-03 22:40:02 | 000,076,924 | ---- | C] () -- C:\ProgramData\1370313573.bdinstall.bin
[2013-06-03 22:39:33 | 000,022,725 | ---- | C] () -- C:\ProgramData\1370313570.bdinstall.bin
[2013-06-03 22:29:19 | 000,180,459 | ---- | C] () -- C:\ProgramData\1370312308.bdinstall.bin
[2013-06-03 22:28:27 | 000,134,934 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\ars.cache
[2013-06-03 22:11:19 | 000,000,036 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\housecall.guid.cache
[2013-04-26 06:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\socialextraschrome.dat
[2013-04-21 20:45:25 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013-04-21 20:45:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2140.DAT
[2012-06-16 10:04:34 | 000,005,632 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-07 18:38:31 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_1
[2011-12-04 16:20:13 | 000,000,129 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\D2Info0
[2011-12-04 16:20:13 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_2
[2011-08-21 19:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\chrtmp
 
========== ZeroAccess Check ==========
 
[2014-08-13 12:05:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015-02-12 13:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015-02-12 13:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\app
[2014-10-26 22:19:36 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Audacity
[2011-08-19 23:48:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Babylon
[2015-03-22 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\dclogs
[2015-03-22 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Dropbox
[2014-05-14 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\InfraRecorder
[2013-04-11 19:09:58 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\JRT Studio
[2014-12-25 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mael
[2013-01-24 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\MakeMusic
[2014-12-22 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Origin
[2012-12-10 07:58:00 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PerformerSoft
[2011-07-23 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre
[2014-11-29 16:13:13 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre 7
[2013-06-03 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\QuickScan
[2014-05-04 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\REAPER
[2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2013-09-29 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SimpleFiles
[2011-12-04 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SoftGrid Client
[2014-01-14 00:31:42 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Unity
[2011-07-13 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer
[2011-07-07 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SoftGrid Client
[2011-07-07 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Charlotte\OneDrive:ms-properties
 
< End of report >
 

 

 


Here is the Extras.exe:

 

OTL Extras logfile created on: 2015-03-22 19:25:12 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Charlotte\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
 
3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free
7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFS
Drive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{234F87D1-C966-4A2B-A214-275DBD5EF9DA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{316ECA6E-B8F3-40DD-8082-A4FE476DCF91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{474C5555-4434-41EB-A8A3-836323B91735}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4B9D09D6-E6A3-45C0-A047-F1376DA4523E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5EF6FBC8-6AB5-407C-A225-9BBEE18987D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5FE1FD8A-C241-466C-B786-FC01A3CE028C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B000DA98-81B5-49E4-AEAB-22EBBA43D435}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{B6908543-BEBE-452A-AE86-9BD2C249DADF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C5847BBC-F35C-4D23-90EC-FB3943E72373}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CC815ABF-460A-4DE7-B0D0-29C63FCB357B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D7E7514D-A9CF-442D-9B52-FFB888893DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E97FB4C1-F4A0-4F6B-8005-CBF1A9045220}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F996A1A6-4B5B-4392-866D-D5E2E196F80E}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CC4086-CEBB-4E76-BD1B-90D631EC208F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | 
"{037E2A2A-DDFC-4D27-B3AE-BC39F7C4ACDE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{0659EB82-31A8-47B8-BEEF-840573BB8F21}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{1CE9B71B-9B57-47D1-8800-880A087DCC9C}" = dir=in | name=juniper networks junos pulse | 
"{24EED8C5-58A6-4306-A632-AD36E57E0FAF}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{2713A217-62CF-4820-B554-33E4552948B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{31941474-F15F-464C-A580-8FE66BAF1754}" = dir=out | name=xbox one smartglass | 
"{35705B02-C6EE-4087-BCB5-DDB49CCB5993}" = dir=in | name=onenote | 
"{36EFBC06-5D93-45DF-8F4D-8834124A8E61}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | 
"{3C6232AE-B497-4971-B003-D7481A271902}" = dir=out | name=f5 vpn | 
"{40B1900C-07A0-475F-9CA3-DAABEBE3232A}" = dir=out | name=@{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{41256807-871B-458D-94B6-E57EE2313C45}" = dir=in | name=sonicwall mobile connect | 
"{41D6CD9C-F667-4BFD-863E-96196D430DC9}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{48F19A0D-BE3E-4195-9D2D-8FCDFF76ED69}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{51B3887C-4938-421B-A003-F84B2240F2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe | 
"{5226F6DB-84C4-4CEC-8C0B-58B01A74DDB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5DF6AF38-B9B0-4290-80AD-13EE5BB791D3}" = dir=out | name=juniper networks junos pulse | 
"{72774FE9-F789-45FF-87A7-0E095F0A6FF5}" = dir=out | name=sonicwall mobile connect | 
"{79685DD8-27C7-46EF-ADD2-2B9480CCF44E}" = dir=out | name=check point vpn | 
"{7A4DF660-BDCB-4575-9FE2-559A079DBAC7}" = dir=in | name=f5 vpn | 
"{7E44856B-8430-4B40-82AA-81B895A86E3B}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{7F942FF7-1DE3-485A-ACDD-A363823BE25E}" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe | 
"{860090C4-6653-4925-BA50-A57F36A9BC71}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{8F11C5C9-67AC-45E4-8FD4-DB90FFF57DB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{906DB785-3B4B-4102-A28E-3532AC2092C0}" = dir=out | name=@{microsoft.bingnews_3.0.4.255_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{91C95DA3-82D1-4C8D-B779-FD5DC9FDE71F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{9389E427-4D2B-41AA-8F93-9101E0973D3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{951F2062-C5DE-4BDC-A4D0-72084D8C439E}" = dir=in | name=check point vpn | 
"{9C2D8DBB-9811-4510-B1A4-0F5C9D83244E}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{A7E6A53C-B333-4318-93BC-FD46646E6AAB}" = dir=in | name=xbox one smartglass | 
"{A9084CBA-5941-48C8-98C2-FB56765FDDA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AA9823A1-7288-4907-B168-5451DA22F938}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe | 
"{AB0C82D5-E79B-4631-B9BC-A951076B6F25}" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe | 
"{ABE6B275-274E-46BE-918A-6D5A8D89E9A5}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{AC8D627C-E7DB-46C8-B0CA-B1034CC8BB06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe | 
"{B049EF2E-80BC-43F3-8611-3E4D4D8B6C8D}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{B63ED913-BD61-42D1-97CB-C2375F835ECA}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{BF4F755F-6B19-4AE5-AB93-C6BBF0DC2076}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{C040CCD6-F242-45F4-8F38-7C5336838AF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe | 
"{C3D37E81-BF27-44DD-BA13-F4FC6F54810C}" = dir=out | name=@{microsoft.zunemusic_2.6.653.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{CAEC4D26-5A5A-48E0-91E0-28DA3E373069}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{CD6842F0-A9A5-46C1-B4BD-35785B5B3426}" = dir=out | name=skype | 
"{CD960442-93D7-42E7-99C1-EDD4AD0CE8DC}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{D8612EC1-EC26-4BB0-96B4-84CB5D34E07F}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{DE2B292B-502A-4D05-8109-3278691FFF6F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{E42EADCF-92B4-4EC6-8133-44A836306265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E7475F57-B067-49E4-9C29-9FA555A8BC26}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{E8E708F5-5F42-41B0-A6DE-7349A47C085A}" = dir=in | name=skype | 
"{F49C71D3-9F2E-4D95-B2F5-B2352A656676}" = dir=out | name=onenote | 
"{F9FDFBB0-5E7C-4FE8-B2B2-8E244473BCD1}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"TCP Query User{F1485DD5-256B-4184-8E6B-75F9470533A6}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{598DAEA5-AD47-4F87-A866-E4A5803F9208}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F90F34B-348A-4F48-8244-5FCAE90C289A}" = Microsoft Camera Codec Pack
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D0A0EC6-9A3C-354F-9BFC-A61E96BE1846}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BD-040C-1000-0000000FF1CE}" = Langue des info-bulles Microsoft Office 2010 - Français
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C12184B-F547-455E-8B36-D81ED4E17C46}" = Roxio Creator LJ
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Les Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Les Sims™ 3 Saisons
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Les Sims™ 3 Accès VIP
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48EBEBBF-B9F8-4520-A3CF-89A730721917}" = Les Sims™ 4
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{639BE5F5-720F-4290-84FA-1C53568EAAD4}" = TweetDeck
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator LJ
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator LJ
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Les Sims™ 3 Ambitions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = Les Sims™ 3 En route vers le Futur
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Français
"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Les Sims™ 3 Super-pouvoirs
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Les Sims™ 3 Destination Aventure
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Les Sims™ 3 Animaux & Cie
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = Les Sims™ 3 Île de Rêve
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Les Sims™ 3 Générations
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = Les Sims™ 3 University
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Audacity_is1" = Audacity 2.0.3
"Finale NotePad 2012" = Finale NotePad 2012
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018
"Origin" = Origin
"Picasa 3" = Picasa 3
"Sptnavi" = Sptnavi
"Steam" = Steam
"Steam App 239120" = FINAL FANTASY III
"Steam App 266840" = Age of Mythology: Extended Edition
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DRPSu Updater" = DriverPack Solution Updater
"PennyBee" = PennyBeeUpdate
"PhotoFiltre 7" = PhotoFiltre 7
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2015-03-20 05:45:30 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le
 fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet
 explorer\SkypeIEPluginBroker.exe » à la ligne 2.  Le manifeste ne peut pas contenir
 plusieurs éléments requestedPrivileges.
 
Error - 2015-03-21 03:47:15 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le
 fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet
 explorer\SkypeIEPluginBroker.exe » à la ligne 2.  Le manifeste ne peut pas contenir
 plusieurs éléments requestedPrivileges.
 
Error - 2015-03-21 03:50:35 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le
 fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet
 explorer\SkypeIEPluginBroker.exe » à la ligne 2.  Le manifeste ne peut pas contenir
 plusieurs éléments requestedPrivileges.
 
Error - 2015-03-22 10:02:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002
Description = Le programme RevoUninProSetup.tmp version 51.1052.0.0 a cessé d’interagir
 avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
 sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 
ID
 de processus : 15d8    Heure de début : 01d064a86c328d86    Heure de fin : 4294967295    Chemin
 d’accès de l’application : C:\Users\CHARLO~1\AppData\Local\Temp\is-U8KIG.tmp\RevoUninProSetup.tmp
 
ID
 de rapport : 02415a92-d09c-11e4-bee2-5c9ad86037d6    Nom complet du package défaillant :
     ID de l’application relative au package défaillant :   
 
Error - 2015-03-22 11:15:54 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le
 fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet
 explorer\SkypeIEPluginBroker.exe » à la ligne 2.  Le manifeste ne peut pas contenir
 plusieurs éléments requestedPrivileges.
 
Error - 2015-03-22 15:51:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002
Description = Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows
 et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles,
 consultez l’historique du problème dans le Centre de maintenance.    ID de processus :
 568    Heure de début : 01d064d920c7898c    Heure de fin : 0    Chemin d’accès de l’application
 : C:\Users\Charlotte\Desktop\OTL.exe    ID de rapport : b5bca14f-d0cc-11e4-bee5-5c9ad86037d6
 
Nom
 complet du package défaillant :     ID de l’application relative au package défaillant :
   
 
Error - 2015-03-22 16:16:32 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante Setup_FileViewPro_[2015] (1).exe,
 version : 0.0.0.0, horodatage : 0x545f4e7a  Nom du module défaillant : System.dll,
 version : 0.0.0.0, horodatage : 0x545f49d3  Code d’exception : 0xc0000005  Décalage
 d’erreur : 0x0000296f  ID du processus défaillant : 0xcb0  Heure de début de l’application
 défaillante : 0x01d064dd0538a3d4  Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\Setup_FileViewPro_[2015]
 (1).exe  Chemin d’accès du module défaillant: C:\Users\CHARLO~1\AppData\Local\Temp\nse5E11.tmp\System.dll
ID
 de rapport : 544ce236-d0d0-11e4-bee5-5c9ad86037d6  Nom complet du package défaillant :
   ID de l’application relative au package défaillant : 
 
Error - 2015-03-22 17:10:00 | Computer Name = Charlotte-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Échec de l’activation de l’application winstore_cw5n1h2txyewy!Windows.Store
 avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error - 2015-03-22 17:24:49 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002
Description = Le programme FRST64.exe version 11.3.2015.0 a cessé d’interagir avec
 Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
 disponibles, consultez l’historique du problème dans le Centre de maintenance.    ID
 de processus : 6fc    Heure de début : 01d064e622f57430    Heure de fin : 4294967295    Chemin
 d’accès de l’application : C:\Users\Charlotte\Desktop\FRST64.exe    ID de rapport :
 dac62ef5-d0d9-11e4-bee6-5c9ad86037d6    Nom complet du package défaillant :     ID de l’application
 relative au package défaillant :   
 
Error - 2015-03-22 18:18:06 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,
 horodatage : 0x550dea28  Nom du module défaillant : RogueKillerX64.exe, version :
 10.5.6.0, horodatage : 0x550dea28  Code d’exception : 0xc0000005  Décalage d’erreur
 : 0x00000000007e41d0  ID du processus défaillant : 0xbdc  Heure de début de l’application
 défaillante : 0x01d064ee11e03c6f  Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\RogueKillerX64.exe
Chemin
 d’accès du module défaillant: C:\Users\Charlotte\Downloads\RogueKillerX64.exe  ID
 de rapport : 5027383a-d0e1-11e4-bee7-5c9ad86037d6  Nom complet du package défaillant :
   ID de l’application relative au package défaillant : 
 
Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,
 horodatage : 0x550dea28  Nom du module défaillant : RogueKillerX64.exe, version :
 10.5.6.0, horodatage : 0x550dea28  Code d’exception : 0xc0000005  Décalage d’erreur
 : 0x00000000007e41d0  ID du processus défaillant : 0x8a4  Heure de début de l’application
 défaillante : 0x01d064ee605f8481  Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exe
Chemin
 d’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe  ID de
 rapport : 9e2185c6-d0e1-11e4-bee7-5c9ad86037d6  Nom complet du package défaillant :
   ID de l’application relative au package défaillant : 
 
Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,
 horodatage : 0x550dea28  Nom du module défaillant : RogueKillerX64.exe, version :
 10.5.6.0, horodatage : 0x550dea28  Code d’exception : 0xc0000005  Décalage d’erreur
 : 0x00000000007e41d0  ID du processus défaillant : 0xad4  Heure de début de l’application
 défaillante : 0x01d064ee64b43761  Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exe
Chemin
 d’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe  ID de
 rapport : a273d650-d0e1-11e4-bee7-5c9ad86037d6  Nom complet du package défaillant :
   ID de l’application relative au package défaillant : 
 
[ Media Center Events ]
Error - 2011-08-27 11:41:18 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-08-27 11:41:23 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-08-27 12:41:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-08-27 12:41:44 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-08-27 13:42:05 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-08-27 13:42:31 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-09-10 23:31:42 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-09-10 23:32:39 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-09-30 23:34:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
Error - 2011-09-30 23:35:37 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0
Description = 
 
[ System Events ]
Error - 2015-03-22 18:19:27 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:19:41 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:19:43 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >

Here is the scan from Jotti's site:

 

adaware: 2015-03-22 Gen:Variant.Kazy.564577
2015-03-22 Found nothing
2015-03-21 Found nothing
2015-03-22 Found nothing
arcavir: 2015-03-22 Gen:Variant.Kazy.564577
fsecure: 2015-03-22 Gen:Variant.Kazy.564577
avast: 2015-03-22 Win32:GenMaliciousA-BRD
gdata: 2015-03-22 Gen:Variant.Kazy.564577
2015-03-22 Found nothing
2015-03-22 Found nothing
avira: 2015-03-22 TR/Fynloski.A.1340
2015-03-22 Found nothing
bitdefender: 2015-03-22 Gen:Variant.Kazy.564577
2015-03-22 Found nothing
2015-03-22 Found nothing
2015-03-21 Found nothing
2015-03-22 Found nothing
2015-03-22 Found nothing
escan: 2015-03-22 Gen:Variant.Kazy.564577
2015-03-21 Found nothing
2015-03-22 Found nothing
2015-03-22 Found nothing

Thanks for those logs, we continue:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your Scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

There, click Run ESET Online Scanner.

 

If using Internet Explorer:

 


Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:


Download esetsmartinstaller_enu.exe that you'll be given a link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:


Make sure that Remove found threats is checked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology” select “Change”, then select any extra drives in that window.
Click Start
The program will begin to download its virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin...

 

 

 

 

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
