I have a recurring infection of PUP.Optional.Trovi.A

[bromsongsmith]

Malwarebytes scan.txt

 

Deeprybka,

 

Thank you understanding my mistake and for being prepared to help me.

 

I will wait for your first instruction.

 

 

 

[deeprybka]

Hi &

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
• Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
• Perform everything in the correct order. Sometimes one step requires the previous one.
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

P2P/Piracy Warning:

• If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
• Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
• If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

• Start FRST with administator privileges.
• Make sure the option Addition.txt is checked and press the Scan button.
• When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
• Please copy and paste these logs in your next reply.

[bromsongsmith]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by John (administrator) on JOHN-PC on 05-04-2015 12:54:00

Running from C:\Users\John\Downloads

Loaded Profiles: John (Available profiles: John & UpdatusUser & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: "https://www.facebook.com/"

CHR DefaultSearchKeyword: Default -> mcafee

CHR DefaultSearchURL: Default -> https://uk.search.yahoo.com/search?fr=mcafee&type=B211GB691D20140220&p={searchTerms}

CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]

CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]

CHR Extension: (Google Calendar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-07]

CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-07]

CHR Extension: (iCloud Bookmarks) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-01-15]

CHR Extension: (Planetarium) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-08-07]

CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-13]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-25]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-21] ()

S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)

S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2017-12-26 21:02 - 2017-12-26 21:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes

2017-12-26 21:02 - 2014-08-12 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2017-10-17 05:12 - 2017-10-17 05:12 - 00003026 _____ () C:\Windows\System32\Tasks\WebReg HP Deskjet D5500 Series

2017-09-02 00:28 - 2017-09-02 00:28 - 00000000 ____D () C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2017-09-02 00:26 - 2017-09-02 00:27 - 00000000 ___HD () C:\SYSTEM.SAV

2017-09-02 00:26 - 2017-09-02 00:26 - 00000000 ____D () C:\swsetup

2017-09-02 00:14 - 2014-12-11 12:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\CyberLink

2015-04-05 12:54 - 2015-04-05 12:55 - 00027809 _____ () C:\Users\John\Downloads\FRST.txt

2015-04-05 12:51 - 2015-04-05 12:54 - 00000000 ____D () C:\FRST

2015-04-05 12:49 - 2015-04-05 12:49 - 02095616 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe

2015-04-05 09:50 - 2015-04-05 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-03 09:35 - 2015-04-03 09:35 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (3).exe

2015-04-01 11:02 - 2015-04-01 11:02 - 00001917 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2015-04-01 11:02 - 2015-04-01 11:02 - 00000000 ____D () C:\Program Files\HitmanPro

2015-04-01 11:00 - 2015-04-01 11:14 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-01 10:58 - 2015-04-01 10:59 - 11028616 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe

2015-04-01 10:28 - 2015-04-01 10:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Home-Premium-(64-bit).dat

2015-04-01 10:28 - 2015-04-01 10:28 - 00000000 ____D () C:\RegBackup

2015-04-01 10:27 - 2015-04-01 10:27 - 03032229 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe

2015-03-25 09:30 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-25 09:30 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-19 20:10 - 2015-03-19 20:10 - 00002194 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2015-03-19 19:46 - 2015-03-31 21:00 - 00000000 ____D () C:\Users\John\Documents\09 WARTS AND ALL

2015-03-19 19:41 - 2015-03-19 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-03-19 19:34 - 2015-03-19 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-03-19 19:33 - 2015-03-19 19:33 - 01075376 _____ (Microsoft Corporation) C:\Users\John\Downloads\setuponenotefreeretail.x86.en-us_.exe

2015-03-13 15:29 - 2015-03-13 15:29 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (2).exe

2015-03-13 14:51 - 2015-03-13 14:51 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (1).exe

2015-03-11 05:52 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-11 05:52 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 05:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-11 05:52 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-11 05:52 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 05:52 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-11 05:52 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 05:52 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 05:52 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 05:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-11 05:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 05:52 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-11 05:51 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 05:51 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 05:51 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 05:50 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 05:50 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 05:50 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 05:50 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-11 05:50 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-11 05:50 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 05:50 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 05:50 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-11 05:50 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 05:49 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 05:49 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 05:49 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-11 05:49 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 05:49 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-11 05:49 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-11 05:49 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 05:49 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-11 05:49 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 05:49 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 05:49 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 05:49 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 05:49 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 05:49 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 05:49 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 05:49 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 05:49 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-11 05:49 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 05:49 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 05:49 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-11 05:49 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-11 05:49 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 05:49 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 05:49 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 05:49 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-11 05:49 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-11 05:49 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-11 05:49 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 05:49 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-11 05:49 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 05:49 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-11 05:44 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-11 05:44 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-10 17:08 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

[bromsongsmith]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by John (administrator) on JOHN-PC on 05-04-2015 12:54:00

Running from C:\Users\John\Downloads

Loaded Profiles: John (Available profiles: John & UpdatusUser & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: "https://www.facebook.com/"

CHR DefaultSearchKeyword: Default -> mcafee

CHR DefaultSearchURL: Default -> https://uk.search.yahoo.com/search?fr=mcafee&type=B211GB691D20140220&p={searchTerms}

CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]

CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]

CHR Extension: (Google Calendar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-07]

CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-07]

CHR Extension: (iCloud Bookmarks) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-01-15]

CHR Extension: (Planetarium) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-08-07]

CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-13]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-25]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-21] ()

S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)

S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2017-12-26 21:02 - 2017-12-26 21:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes

2017-12-26 21:02 - 2014-08-12 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2017-10-17 05:12 - 2017-10-17 05:12 - 00003026 _____ () C:\Windows\System32\Tasks\WebReg HP Deskjet D5500 Series

2017-09-02 00:28 - 2017-09-02 00:28 - 00000000 ____D () C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2017-09-02 00:26 - 2017-09-02 00:27 - 00000000 ___HD () C:\SYSTEM.SAV

2017-09-02 00:26 - 2017-09-02 00:26 - 00000000 ____D () C:\swsetup

2017-09-02 00:14 - 2014-12-11 12:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\CyberLink

2015-04-05 12:54 - 2015-04-05 12:55 - 00027809 _____ () C:\Users\John\Downloads\FRST.txt

2015-04-05 12:51 - 2015-04-05 12:54 - 00000000 ____D () C:\FRST

2015-04-05 12:49 - 2015-04-05 12:49 - 02095616 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe

2015-04-05 09:50 - 2015-04-05 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-03 09:35 - 2015-04-03 09:35 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (3).exe

2015-04-01 11:02 - 2015-04-01 11:02 - 00001917 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2015-04-01 11:02 - 2015-04-01 11:02 - 00000000 ____D () C:\Program Files\HitmanPro

2015-04-01 11:00 - 2015-04-01 11:14 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-01 10:58 - 2015-04-01 10:59 - 11028616 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe

2015-04-01 10:28 - 2015-04-01 10:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Home-Premium-(64-bit).dat

2015-04-01 10:28 - 2015-04-01 10:28 - 00000000 ____D () C:\RegBackup

2015-04-01 10:27 - 2015-04-01 10:27 - 03032229 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe

2015-03-25 09:30 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-25 09:30 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-19 20:10 - 2015-03-19 20:10 - 00002194 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2015-03-19 19:46 - 2015-03-31 21:00 - 00000000 ____D () C:\Users\John\Documents\09 WARTS AND ALL

2015-03-19 19:41 - 2015-03-19 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-03-19 19:34 - 2015-03-19 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-03-19 19:33 - 2015-03-19 19:33 - 01075376 _____ (Microsoft Corporation) C:\Users\John\Downloads\setuponenotefreeretail.x86.en-us_.exe

2015-03-13 15:29 - 2015-03-13 15:29 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (2).exe

2015-03-13 14:51 - 2015-03-13 14:51 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (1).exe

2015-03-11 05:52 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-11 05:52 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 05:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-11 05:52 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-11 05:52 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 05:52 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-11 05:52 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 05:52 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 05:52 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 05:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-11 05:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 05:52 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-11 05:51 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 05:51 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 05:51 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 05:50 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 05:50 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 05:50 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 05:50 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-11 05:50 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-11 05:50 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 05:50 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 05:50 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-11 05:50 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 05:49 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 05:49 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 05:49 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-11 05:49 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 05:49 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-11 05:49 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-11 05:49 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 05:49 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-11 05:49 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 05:49 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 05:49 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 05:49 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 05:49 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 05:49 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 05:49 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 05:49 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 05:49 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-11 05:49 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 05:49 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 05:49 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-11 05:49 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-11 05:49 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 05:49 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 05:49 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 05:49 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-11 05:49 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-11 05:49 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-11 05:49 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 05:49 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-11 05:49 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 05:49 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-11 05:44 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-11 05:44 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-10 17:08 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2017-12-22 00:10 - 2010-07-14 22:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Hewlett-Packard

2017-12-22 00:06 - 2010-07-23 17:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2017-12-22 00:01 - 2010-07-23 17:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\HP Support Assistant

2017-09-02 00:32 - 2010-07-23 17:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\hpqLog

2015-04-05 12:49 - 2013-11-10 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-05 12:31 - 2010-07-14 22:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-05 10:40 - 2013-11-08 11:12 - 00000000 ____D () C:\Users\John\Documents\07 KEY RECORDS

2015-04-05 09:56 - 2014-11-08 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-05 09:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-05 09:45 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-05 09:43 - 2010-04-14 21:02 - 01912414 _____ () C:\Windows\WindowsUpdate.log

2015-04-05 09:38 - 2015-02-26 13:31 - 00000000 ___RD () C:\Users\John\iCloudDrive

2015-04-05 09:38 - 2014-01-06 17:34 - 00000000 ___RD () C:\Users\John\Dropbox

2015-04-05 09:38 - 2014-01-06 17:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox

2015-04-05 09:38 - 2010-07-14 22:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-05 09:37 - 2014-11-27 21:23 - 00014251 _____ () C:\Windows\setupact.log

2015-04-05 09:37 - 2012-04-18 14:50 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs

2015-04-05 09:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-04 15:48 - 2013-11-08 09:31 - 07606272 _____ () C:\Users\John\Documents\My Money2.mny

2015-04-04 07:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-04-04 07:36 - 2010-02-22 21:43 - 01422990 _____ () C:\Windows\PFRO.log

2015-04-03 11:50 - 2013-11-08 11:09 - 00000000 ____D () C:\Users\John\Documents\03 SUPPLIERS

2015-04-03 11:41 - 2013-11-08 18:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype

2015-04-03 11:23 - 2010-07-22 15:22 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate

2015-04-03 09:51 - 2013-11-08 18:02 - 00000000 ____D () C:\ProgramData\Skype

2015-04-03 09:00 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media

2015-04-01 19:00 - 2014-12-11 11:52 - 00000000 ____D () C:\AdwCleaner

2015-04-01 10:51 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-31 22:33 - 2010-07-14 22:14 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2015-03-31 22:00 - 2012-04-18 14:50 - 00024547 _____ () C:\Windows\system32\lvcoinst.log

2015-03-28 09:11 - 2014-02-20 11:43 - 00000000 ____D () C:\Program Files (x86)\McAfee

2015-03-27 09:49 - 2013-11-10 13:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-27 09:49 - 2013-11-10 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-27 09:49 - 2013-11-10 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-27 00:02 - 2014-11-08 10:44 - 00001086 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-27 00:02 - 2014-11-08 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-27 00:02 - 2014-11-08 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-26 10:52 - 2011-05-03 14:02 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live

2015-03-26 08:46 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\John\AppData\Local\Apple

2015-03-26 04:17 - 2014-12-11 14:01 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-26 04:17 - 2014-04-30 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-21 12:07 - 2010-07-14 22:22 - 00000000 ____D () C:\Users\John\AppData\Local\Google

2015-03-21 09:44 - 2009-07-14 05:45 - 00571016 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-19 19:48 - 2010-07-14 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office

2015-03-19 19:45 - 2010-07-14 22:09 - 00169048 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-18 19:45 - 2014-02-25 23:37 - 00766376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-03-17 07:15 - 2014-11-08 10:44 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-17 07:15 - 2014-11-08 10:44 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-17 07:15 - 2014-11-08 10:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-16 15:18 - 2015-02-26 13:31 - 00000000 ____D () C:\Users\John\AppData\Local\0FD54195-A04D-4E4B-8970-A39933581573.aplzod

2015-03-16 15:17 - 2010-07-14 22:01 - 00000000 ____D () C:\Users\John

2015-03-13 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-03-13 15:27 - 2010-02-22 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling

2015-03-13 15:14 - 2014-09-17 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-03-13 09:52 - 2014-01-06 17:34 - 00001033 _____ () C:\Users\John\Desktop\Dropbox.lnk

2015-03-13 09:52 - 2014-01-06 17:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-03-12 23:34 - 2010-07-14 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-12 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-11 23:22 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini

2015-03-11 23:16 - 2013-11-01 18:44 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-11 23:08 - 2010-07-14 22:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 17:08 - 2010-07-22 21:07 - 00000000 ____D () C:\ProgramData\McAfee

2015-03-10 17:07 - 2010-07-22 21:24 - 00000000 ____D () C:\Program Files\Common Files\McAfee

 

==================== Files in the root of some directories =======

 

2003-11-10 16:27 - 2003-11-10 16:26 - 0376884 _____ () C:\Program Files\image001.bmp

2014-07-16 10:33 - 2014-06-02 15:31 - 0759296 _____ () C:\Program Files\Midnight Compressor 64.dll

2014-07-16 10:33 - 2014-06-02 15:39 - 0604672 _____ () C:\Program Files\Midnight Compressor.dll

2014-07-16 10:33 - 2014-06-02 15:31 - 1030144 _____ () C:\Program Files\Midnight EQ 64.dll

2014-07-16 10:33 - 2014-06-02 15:41 - 0862208 _____ () C:\Program Files\Midnight EQ.dll

2014-08-09 17:45 - 2014-08-09 17:45 - 0001181 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.1.txt

2014-08-09 17:45 - 2014-08-15 12:27 - 0000919 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt

2014-08-09 17:45 - 2014-08-15 12:27 - 0000000 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

2013-11-12 10:34 - 2014-11-05 11:12 - 0002392 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat

2014-11-28 18:49 - 2014-11-28 18:49 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-10-25 16:46 - 2014-10-25 16:46 - 0007627 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg

2015-01-06 15:59 - 2015-01-06 15:59 - 0000057 _____ () C:\ProgramData\Ament.ini

2010-07-26 16:28 - 2013-11-11 18:16 - 0007509 _____ () C:\ProgramData\hpzinstall.log

 

Some content of TEMP:

====================

C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyamtar.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-03-20 04:54

 

==================== End Of Log ============================

[deeprybka]

Please post the Addition.txt as well.

Step 1

Start FRST with administator privileges.

• Make sure the following option is checked:
• Press the Scan button.
• When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

  Please copy and paste these logs in your next reply.

[bromsongsmith]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by John at 2015-04-05 12:55:47

Running from C:\Users\John\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Ableton Live 9 Lite (HKLM\...\{9DB681F9-3FA5-471C-A842-FF422783753D}) (Version: 9.0.0.0 - Ableton)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 - Michael Tippach)

BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)

Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2134 - Steinberg Media Technologies GmbH)

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)

Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)

Garmin City Navigator Europe NT 2014.40 Update (HKLM-x32\...\{45734B7D-FC19-4C0A-997F-6AFF6E1D29F8}) (Version: 17.40.0.0 - Garmin Ltd or its subsidiaries)

Garmin City Navigator Europe NT 2015.20 (HKLM-x32\...\{EF144B2A-E433-45ED-959C-FD913ABCE5D8}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)

HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

MAGIX Movie Edit Pro 2014 (HKLM-x32\...\MX.{146DFB48-B585-48B9-A407-16DD6F686550}) (Version: 13.0.0.28 - MAGIX AG)

MAGIX Movie Edit Pro 2014 (Version: 13.0.0.28 - MAGIX AG) Hidden

MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{6897F803-51A2-4305-B81D-7DAC3EFA6367}) (Version: 7.0.1.27 - MAGIX AG)

MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

M-Audio USB MIDI Series Driver 5.0.1 (x64) (HKLM\...\{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}) (Version: 5.0.1 - M-Audio)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Money (HKLM-x32\...\{019210C1-32C8-423C-BEFD-763C8E7A188F}) (Version: 11.0.120 - Microsoft)

Microsoft Money System Pack (HKLM-x32\...\{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}) (Version: 11.0.120 - Microsoft)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Midnight 1.6 (HKLM\...\Midnight_is1) (Version: 1.6 - Focusrite)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)

Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH)

Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

23-03-2015 22:00:31 Windows Backup

24-03-2015 22:00:27 Windows Backup

25-03-2015 22:00:37 Windows Backup

26-03-2015 04:00:18 Windows Update

26-03-2015 22:00:32 Windows Backup

27-03-2015 09:42:20 McAfee Vulnerability Scanner

27-03-2015 22:00:28 Windows Backup

28-03-2015 22:00:32 Windows Backup

29-03-2015 21:00:58 Windows Backup

30-03-2015 21:00:32 Windows Backup

31-03-2015 21:00:35 Windows Backup

01-04-2015 21:00:19 Windows Backup

02-04-2015 21:00:28 Windows Backup

03-04-2015 09:44:19 McAfee Vulnerability Scanner

03-04-2015 21:00:43 Windows Backup

04-04-2015 21:00:26 Windows Backup

05-04-2015 03:00:21 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {00CC4095-B9B2-42FA-962C-66C468BA5B90} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {05BE61D3-9610-4490-B76A-CABB890E1904} - System32\Tasks\{34A8EE7B-6C96-45E2-8DF9-35BBB81355D6} => pcalua.exe -a R:\Setup.EXE -d R:\

Task: {12E969B2-8AB7-407B-9679-DA3F7F2FFAD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {1411CA66-9DF1-415D-BCFA-D78EF9612A01} - System32\Tasks\{A11818B2-7F72-4FB3-9290-0DAD09701132} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe" -d C:\Windows\system32

Task: {1892CBF8-8A99-4F51-BB52-6D81964CD1C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {29E6C302-62EA-49B6-B6C0-B8047DAD9631} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {2B5C6F67-DC42-49AF-8C4B-E2C8FDDFDF3A} - System32\Tasks\{E7251A8B-E1B0-4218-9F70-8EC3D0A2E370} => pcalua.exe -a F:\Autorun.exe -d F:\

Task: {38EEF744-D6DC-4720-9831-79847498ACCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-27] (Adobe Systems Incorporated)

Task: {53D049E4-DD99-4DA2-B549-DE3DFA76EAB1} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {5C447ECD-6074-4A4D-8767-562E367E53B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {5CECAE46-C132-419B-81CA-DA4AB2901C42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {6863C041-6969-4E94-A4AD-220979362665} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {79773AB7-692F-4B27-98D5-963D85CC0043} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()

Task: {7EC252D0-2FF9-4D38-8987-C8B9F233BE30} - System32\Tasks\{CAD7C447-69EF-4B18-A708-08D3A8FB073F} => pcalua.exe -a C:\Lxkx75\PROGRAM\32\Setup32.exe -d C:\Lxkx75\PROGRAM\32

Task: {86D10B9D-73F9-4843-9AE7-D7CF4F2A5F51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {A1943436-E1FC-4B0C-8E51-334BA6F6E1CF} - System32\Tasks\{2AE317E9-D81C-4CF9-8EE6-EE1E8F438B5A} => pcalua.exe -a "F:\Cubase LE 4 for Windows\Additional Content\Copy Protection Driver\SyncrosoftLicenseControlSetup.exe" -d "F:\Cubase LE 4 for Windows\Additional Content\Copy Protection Driver"

Task: {A92EA05E-6741-4F6F-A149-8EC43498CC20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {AE5219AA-D3B2-4E7B-957C-283EC8243177} - System32\Tasks\{32747A74-30A4-45EE-A523-4E1D842B3DC0} => pcalua.exe -a F:\setup.exe -d F:\

Task: {BD98ADF2-9478-4DE1-998B-5BDF8BA08324} - System32\Tasks\{1C73B091-3581-4FA9-BA61-1E2157A20E18} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.114&LastError=404

Task: {D9664778-C9A2-4539-BBFF-5F0337D24A55} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {EB8C8ADD-3214-4158-B6FD-761691BDA546} - System32\Tasks\WebReg HP Deskjet D5500 Series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

Task: {F20D0FA2-FB4E-49BD-83D7-FE605546AD7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {F9F8471E-205E-4BCC-9802-F29D56A0F2DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

 

==================== Loaded Modules (whitelisted) ==============

 

2012-09-20 10:45 - 2012-08-18 09:28 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-19 19:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-03-19 19:52 - 2015-03-19 19:52 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-04-05 09:38 - 2015-04-05 09:38 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyamtar.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1496942062-3818417186-1800515790-500 - Administrator - Disabled)

Guest (S-1-5-21-1496942062-3818417186-1800515790-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-1496942062-3818417186-1800515790-1002 - Limited - Enabled)

John (S-1-5-21-1496942062-3818417186-1800515790-1001 - Administrator - Enabled) => C:\Users\John

UpdatusUser (S-1-5-21-1496942062-3818417186-1800515790-1003 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

Error: (04/05/2015 09:40:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 

%%1069

 

Error: (04/05/2015 09:40:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 

%%1330

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (04/05/2015 09:40:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Health Check Service service failed to start due to the following error: 

%%2

 

Error: (04/05/2015 09:37:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error: 

%%1053

 

Error: (04/05/2015 09:37:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

 

Error: (04/04/2015 07:39:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 

%%1069

 

Error: (04/04/2015 07:39:39 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 

%%1330

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (04/04/2015 07:39:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Health Check Service service failed to start due to the following error: 

%%2

 

Error: (04/04/2015 07:37:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error: 

%%1053

 

Error: (04/04/2015 07:37:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU 530 @ 2.93GHz

Percentage of memory in use: 75%

Total physical RAM: 3959.08 MB

Available physical RAM: 988.69 MB

Total Pagefile: 9895.27 MB

Available Pagefile: 5028.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (600 GB Internal Disk) (Fixed) (Total:583.46 GB) (Free:394.47 GB) NTFS

Drive d: (DO NOT OPEN FACTORY_IMAGE) (Fixed) (Total:12.61 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (300 GB Local Disk) (Fixed) (Total:298.09 GB) (Free:289.32 GB) NTFS

Drive k: (1 TB external drive) (Fixed) (Total:931.51 GB) (Free:359.29 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=583.5 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 9A880D3D)

Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 931.5 GB) (Disk ID: 51747E54)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[deeprybka]

Hi John!

Happy Easter!

Please do the following:

Step 1

Press the + R on your keyboard at the same time. Type notepad and click OK.

• Copy the entire content of the codebox below and paste into the notepad document:

  HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [(default)] => [X]RemoveProxy:CHR HomePage:SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ->  No FileToolbar: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

• Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Please downloadOnline Scanner and save it to your Desktop.

• Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
• Start with administartor privileges.
• Select the option Yes, I accept the Terms of Use and click on Start.
• Choose the following settings:

• Click on Start. The virus signature database will begin to download. This may take some time.
• When completed the Online Scan will begin automatically.

  Note: This scan might take a long time! Please be patient.

• When completed, click on Finish
• A log fileis created at

  Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

[bromsongsmith]

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [(default)] => [X]
RemoveProxy:
CHR HomePage:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

 

 

As you can see, I have copied the Fixlog.txt that was generated (see above).

 

I then downloaded the ESET Online Scanner and started the scan.  It has been running for over 13 hours and appears to be  waitingat 88% complete.  I have looked at 'Task Manager' and ESET is showing to be still  'Running' so I will continue to wait and see if the scan completes.  If it does, then I will post the result to you.

 

In the meantime, here is what is displayed in the Scan Window...

 

Step 3 out of 4

Computer Scan in progress...

 

Target                    K:\JOHN-PC\Backup Set 2015-03-10 215255\Backup Files 2015-04...\Backupfiles 189 zip

                               ( the number 189 zip has risen to 241 zip whilst I have been typing and it is still rising slowly )

 

Files scanned       233239  ( This number count is still rising, but very slowly! )

      

infected files          5

 

Total scan time     13:30:14

____________________________________________________________________________

 

Current scan result

Threats found!

a variant of Win32/Bundled Toolbar.Google.C potentially unsafe application

multiple threats

a variant of Win32/Bundled Toolbar.Google.C potentially unsafe application

multiple threats

Win32/Somoto.Q potentially unwanted application

[bromsongsmith]

UPDATE

 

I have looked at the location K:\JOHN-PC\Backup Set 2015-03-10 215255\Backup Files 2015-04...\Backupfiles 189 zip and it is an external drive where my backup file are kept.

 

There are 687 files there (over 120 Kb) and the ESET Scan, which is currently still running , has reached file number 120.

 

Do you want me to stop the ESET scan now and click 'FINISH' and send you the log file ?

[bromsongsmith]

UPDATE

 

I am pleased to report that the scan is still running because it has now reached file number 440 in the external Backup drive and the scan progress has moved from the 88% to 89% now, so I guess I should let the scan run its course before I end it and send you the log file.

 

Thank you for your patience with me.

[bromsongsmith]

The ESET scan has ended.  Here is the logfile...

 

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=f9d559749c1a0b4a8823ab6e36a2633e

# engine=23247

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-04-06 01:12:16

# local_time=2015-04-06 02:12:16 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 44995754 180790986 0 0

# scanned=236971

# found=7

# cleaned=0

# scan_time=64749

sh=7669F3D56E0CD22381C7EACE00B9D3B1DD41BF07 ft=1 fh=fc296988becdd3eb vn="Win32/Somoto.Q potentially unwanted application" ac=I fn="C:\Users\John\Downloads\Core-Temp-installer.exe"

sh=F3CBD24F22043C7D99BB1AF79BA0195EC12BC137 ft=1 fh=7a4c33456738eee1 vn="multiple threats" ac=I fn="C:\Users\John\Downloads\ErrorEND_Pro_Installer.exe"

sh=1E588BCBFC7C2F2115692014ACBA196E232ACE5F ft=1 fh=45a244a40fc9550e vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\John\Downloads\switchsetup.exe"

sh=A88C9D1BEBA21CBF079A21F3024668AFA8BF9245 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\JOHN-PC\Backup Set 2015-03-10 215255\Backup Files 2015-03-10 215255\Backup files 51.zip"

sh=383C0A63DDB9A18628BFE9AFDA1CF05AB152E510 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="K:\JOHN-PC\Backup Set 2015-03-10 215255\Backup Files 2015-03-10 215255\Backup files 52.zip"

sh=4E228422CBF7FD853A973BA26B33DF64D36B78EF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="K:\JOHN-PC\Backup Set 2015-04-05 210041\Backup Files 2015-04-05 210041\Backup files 54.zip"

sh=37F56BCDCE52C1FDFFB2A5F7B2BA31E5FAF8B201 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="K:\JOHN-PC\Backup Set 2015-04-05 210041\Backup Files 2015-04-05 210041\Backup files 55.zip"

[deeprybka]

Hello John,

could you please post the Fixlog.txt. It looks like you have posted the fixlist.txt.

[bromsongsmith]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by John at 2015-04-05 19:49:22 Run:1

Running from C:\Users\John\Desktop

Loaded Profiles: John (Available profiles: John & UpdatusUser & Guest)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [(default)] => [X]

RemoveProxy:

CHR HomePage:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ->  No File

Toolbar: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\(default) => value deleted successfully.

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

 

 

========= End of RemoveProxy: =========

IS THIS WHAT YOU NEED ?

 

 

 

CHR HomePage: => Error: No automatic fix found for this entry.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}" => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} => Key not found. 

HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 

 

==== End of Fixlog 19:49:30 ====

[deeprybka]

Yes! Thank you.

Step 1

Start FRST with administator privileges.

• Make sure the following option is checked:
• Press the Scan button.
• When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

  Please copy and paste these logs in your next reply.

Step 2

Scan with Malwarebytes Anti-Malware.

• Please open Malwarebytes Anti-Malware and update the database.
• Click "Settings" [1] and go to "Detection and Protection" [2]
• Make sure "Scan for Rootkits" is checked.
• Click on Dashboard [3], then click on Scan Now [4] to start the scan.

  :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:

  

• Click on "Remove Selected" [5].
• Then click "Save Results" [6] and select

  

• Return to our forum. Paste your log into your next reply and then click Finish [7].

[bromsongsmith]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by John (administrator) on JOHN-PC on 06-04-2015 18:02:51

Running from C:\Users\John\Desktop

Loaded Profiles: John (Available profiles: John & UpdatusUser & Guest)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: "https://www.facebook.com/"

CHR DefaultSearchKeyword: Default -> mcafee

CHR DefaultSearchURL: Default -> https://uk.search.yahoo.com/search?fr=mcafee&type=B211GB691D20140220&p={searchTerms}

CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]

CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]

CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]

CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]

CHR Extension: (Google Calendar) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-08-07]

CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-08-07]

CHR Extension: (iCloud Bookmarks) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-01-15]

CHR Extension: (Planetarium) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2014-08-07]

CHR Extension: (Bookmark Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-13]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]

CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-25]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - http://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]

S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-21] ()

S3 SynasUSB; C:\Windows\System32\drivers\SynUSB64.sys [31248 2006-11-16] (SIA Syncrosoft)

S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2017-12-26 21:02 - 2017-12-26 21:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes

2017-12-26 21:02 - 2014-08-12 17:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2017-10-17 05:12 - 2017-10-17 05:12 - 00003026 _____ () C:\Windows\System32\Tasks\WebReg HP Deskjet D5500 Series

2017-09-02 00:28 - 2017-09-02 00:28 - 00000000 ____D () C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}

2017-09-02 00:26 - 2017-09-02 00:27 - 00000000 ___HD () C:\SYSTEM.SAV

2017-09-02 00:26 - 2017-09-02 00:26 - 00000000 ____D () C:\swsetup

2017-09-02 00:14 - 2014-12-11 12:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\CyberLink

2015-04-06 18:02 - 2015-04-06 18:03 - 00027185 _____ () C:\Users\John\Desktop\FRST.txt

2015-04-05 20:20 - 2015-04-05 19:55 - 02347384 _____ (ESET) C:\Users\John\Desktop\esetsmartinstaller_enu.exe

2015-04-05 20:05 - 2015-04-05 20:05 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-04-05 20:02 - 2015-04-05 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-04-05 19:55 - 2015-04-05 19:55 - 02347384 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe

2015-04-05 19:43 - 2015-04-05 19:43 - 00000560 _____ () C:\Users\John\Downloads\fixlist.txt

2015-04-05 13:40 - 2015-04-05 13:40 - 00396002 _____ () C:\Users\John\Downloads\gp (1).cab

2015-04-05 13:38 - 2015-04-05 13:38 - 00396002 _____ () C:\Users\John\Downloads\gp.cab

2015-04-05 12:55 - 2015-04-05 12:58 - 00033301 _____ () C:\Users\John\Downloads\Addition.txt

2015-04-05 12:54 - 2015-04-05 12:58 - 00063436 _____ () C:\Users\John\Downloads\FRST.txt

2015-04-05 12:51 - 2015-04-06 18:03 - 00000000 ____D () C:\FRST

2015-04-05 12:49 - 2015-04-05 12:49 - 02095616 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-05 03:02 - 2015-04-05 03:02 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-03 09:35 - 2015-04-03 09:35 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (3).exe

2015-04-01 11:02 - 2015-04-01 11:02 - 00001917 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2015-04-01 11:02 - 2015-04-01 11:02 - 00000000 ____D () C:\Program Files\HitmanPro

2015-04-01 11:00 - 2015-04-01 11:14 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-04-01 10:58 - 2015-04-01 10:59 - 11028616 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe

2015-04-01 10:28 - 2015-04-01 10:28 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Windows-7-Home-Premium-(64-bit).dat

2015-04-01 10:28 - 2015-04-01 10:28 - 00000000 ____D () C:\RegBackup

2015-04-01 10:27 - 2015-04-01 10:27 - 03032229 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe

2015-03-25 09:30 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-25 09:30 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-25 09:30 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-25 09:30 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-19 20:10 - 2015-03-19 20:10 - 00002194 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

2015-03-19 19:46 - 2015-03-31 21:00 - 00000000 ____D () C:\Users\John\Documents\09 WARTS AND ALL

2015-03-19 19:41 - 2015-03-19 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-03-19 19:34 - 2015-03-19 19:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-03-19 19:33 - 2015-03-19 19:33 - 01075376 _____ (Microsoft Corporation) C:\Users\John\Downloads\setuponenotefreeretail.x86.en-us_.exe

2015-03-13 15:29 - 2015-03-13 15:29 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (2).exe

2015-03-13 14:51 - 2015-03-13 14:51 - 00880208 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup (1).exe

2015-03-11 05:52 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-11 05:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-11 05:52 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-11 05:52 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 05:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-11 05:52 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-11 05:52 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-11 05:52 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-11 05:52 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-11 05:52 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-11 05:52 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-11 05:52 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-11 05:52 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-11 05:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-11 05:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-11 05:52 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-11 05:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-11 05:52 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-11 05:52 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-11 05:52 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-11 05:52 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-11 05:52 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-03-11 05:52 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll

2015-03-11 05:51 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-11 05:51 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-11 05:51 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-11 05:51 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-03-11 05:51 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 05:50 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-11 05:50 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-11 05:50 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-11 05:50 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-11 05:50 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-11 05:50 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-11 05:50 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-11 05:50 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-11 05:50 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-11 05:50 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-11 05:50 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 05:50 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 05:50 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-11 05:50 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 05:49 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 05:49 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 05:49 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-11 05:49 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 05:49 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-11 05:49 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-11 05:49 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-11 05:49 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 05:49 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-11 05:49 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-11 05:49 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 05:49 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-11 05:49 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-11 05:49 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 05:49 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-11 05:49 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-11 05:49 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 05:49 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-11 05:49 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-11 05:49 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-11 05:49 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 05:49 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-11 05:49 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-11 05:49 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-11 05:49 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-11 05:49 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-11 05:49 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 05:49 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 05:49 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-11 05:49 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-11 05:49 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-11 05:49 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 05:49 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-11 05:49 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-11 05:49 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-11 05:49 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 05:49 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-11 05:49 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-11 05:49 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-11 05:49 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-11 05:49 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 05:49 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-11 05:49 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 05:49 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-11 05:44 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-11 05:44 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-10 17:08 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

[bromsongsmith]

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2017-12-22 00:10 - 2010-07-14 22:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Hewlett-Packard

2017-12-22 00:06 - 2010-07-23 17:10 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2017-12-22 00:01 - 2010-07-23 17:08 - 00000000 ____D () C:\Users\John\AppData\Roaming\HP Support Assistant

2017-09-02 00:32 - 2010-07-23 17:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\hpqLog

2015-04-06 17:49 - 2013-11-10 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-06 17:31 - 2010-07-14 22:22 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-06 16:17 - 2010-04-14 21:02 - 01928209 _____ () C:\Windows\WindowsUpdate.log

2015-04-06 14:31 - 2010-07-14 22:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-06 05:41 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-06 05:41 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-05 14:32 - 2014-11-08 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-05 10:40 - 2013-11-08 11:12 - 00000000 ____D () C:\Users\John\Documents\07 KEY RECORDS

2015-04-05 09:38 - 2015-02-26 13:31 - 00000000 ___RD () C:\Users\John\iCloudDrive

2015-04-05 09:38 - 2014-01-06 17:34 - 00000000 ___RD () C:\Users\John\Dropbox

2015-04-05 09:38 - 2014-01-06 17:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Dropbox

2015-04-05 09:37 - 2014-11-27 21:23 - 00014251 _____ () C:\Windows\setupact.log

2015-04-05 09:37 - 2012-04-18 14:50 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs

2015-04-05 09:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-04 15:48 - 2013-11-08 09:31 - 07606272 _____ () C:\Users\John\Documents\My Money2.mny

2015-04-04 07:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-04-04 07:36 - 2010-02-22 21:43 - 01422990 _____ () C:\Windows\PFRO.log

2015-04-03 11:50 - 2013-11-08 11:09 - 00000000 ____D () C:\Users\John\Documents\03 SUPPLIERS

2015-04-03 11:41 - 2013-11-08 18:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype

2015-04-03 11:23 - 2010-07-22 15:22 - 00000000 ____D () C:\Users\John\AppData\Roaming\HpUpdate

2015-04-03 09:51 - 2013-11-08 18:02 - 00000000 ____D () C:\ProgramData\Skype

2015-04-03 09:00 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media

2015-04-01 19:00 - 2014-12-11 11:52 - 00000000 ____D () C:\AdwCleaner

2015-04-01 10:51 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-31 22:33 - 2010-07-14 22:14 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job

2015-03-31 22:00 - 2012-04-18 14:50 - 00024547 _____ () C:\Windows\system32\lvcoinst.log

2015-03-28 09:11 - 2014-02-20 11:43 - 00000000 ____D () C:\Program Files (x86)\McAfee

2015-03-27 09:49 - 2013-11-10 13:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-27 09:49 - 2013-11-10 13:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-27 09:49 - 2013-11-10 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-27 00:02 - 2014-11-08 10:44 - 00001086 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-27 00:02 - 2014-11-08 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-27 00:02 - 2014-11-08 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-26 10:52 - 2011-05-03 14:02 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live

2015-03-26 08:46 - 2014-01-06 16:43 - 00000000 ____D () C:\Users\John\AppData\Local\Apple

2015-03-26 04:17 - 2014-12-11 14:01 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-26 04:17 - 2014-04-30 20:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-21 12:07 - 2010-07-14 22:22 - 00000000 ____D () C:\Users\John\AppData\Local\Google

2015-03-21 09:44 - 2009-07-14 05:45 - 00571016 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-19 19:48 - 2010-07-14 22:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office

2015-03-19 19:45 - 2010-07-14 22:09 - 00169048 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-18 19:45 - 2014-02-25 23:37 - 00766376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-03-17 07:15 - 2014-11-08 10:44 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-17 07:15 - 2014-11-08 10:44 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-17 07:15 - 2014-11-08 10:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-16 15:18 - 2015-02-26 13:31 - 00000000 ____D () C:\Users\John\AppData\Local\0FD54195-A04D-4E4B-8970-A39933581573.aplzod

2015-03-16 15:17 - 2010-07-14 22:01 - 00000000 ____D () C:\Users\John

2015-03-13 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-03-13 15:27 - 2010-02-22 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling

2015-03-13 15:14 - 2014-09-17 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-03-13 09:52 - 2014-01-06 17:34 - 00001033 _____ () C:\Users\John\Desktop\Dropbox.lnk

2015-03-13 09:52 - 2014-01-06 17:31 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-03-12 23:34 - 2010-07-14 23:34 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-12 09:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 09:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-11 23:22 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini

2015-03-11 23:16 - 2013-11-01 18:44 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-11 23:08 - 2010-07-14 22:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 17:08 - 2010-07-22 21:07 - 00000000 ____D () C:\ProgramData\McAfee

2015-03-10 17:07 - 2010-07-22 21:24 - 00000000 ____D () C:\Program Files\Common Files\McAfee

 

==================== Files in the root of some directories =======

 

2003-11-10 16:27 - 2003-11-10 16:26 - 0376884 _____ () C:\Program Files\image001.bmp

2014-07-16 10:33 - 2014-06-02 15:31 - 0759296 _____ () C:\Program Files\Midnight Compressor 64.dll

2014-07-16 10:33 - 2014-06-02 15:39 - 0604672 _____ () C:\Program Files\Midnight Compressor.dll

2014-07-16 10:33 - 2014-06-02 15:31 - 1030144 _____ () C:\Program Files\Midnight EQ 64.dll

2014-07-16 10:33 - 2014-06-02 15:41 - 0862208 _____ () C:\Program Files\Midnight EQ.dll

2014-08-09 17:45 - 2014-08-09 17:45 - 0001181 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.1.txt

2014-08-09 17:45 - 2014-08-15 12:27 - 0000919 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt

2014-08-09 17:45 - 2014-08-15 12:27 - 0000000 _____ () C:\Users\John\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

2013-11-12 10:34 - 2014-11-05 11:12 - 0002392 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat

2014-11-28 18:49 - 2014-11-28 18:49 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-10-25 16:46 - 2014-10-25 16:46 - 0007627 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg

2015-01-06 15:59 - 2015-01-06 15:59 - 0000057 _____ () C:\ProgramData\Ament.ini

2010-07-26 16:28 - 2013-11-11 18:16 - 0007509 _____ () C:\ProgramData\hpzinstall.log

 

Some content of TEMP:

====================

C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyamtar.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-03-20 04:54

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by John at 2015-04-06 18:04:57

Running from C:\Users\John\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Ableton Live 9 Lite (HKLM\...\{9DB681F9-3FA5-471C-A842-FF422783753D}) (Version: 9.0.0.0 - Ableton)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 - Michael Tippach)

BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BT NetProtect Plus (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dropbox (HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)

Elevated Installer (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.6.6.2134 - Steinberg Media Technologies GmbH)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)

Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)

Garmin City Navigator Europe NT 2014.40 Update (HKLM-x32\...\{45734B7D-FC19-4C0A-997F-6AFF6E1D29F8}) (Version: 17.40.0.0 - Garmin Ltd or its subsidiaries)

Garmin City Navigator Europe NT 2015.20 (HKLM-x32\...\{EF144B2A-E433-45ED-959C-FD913ABCE5D8}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)

HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

MAGIX Movie Edit Pro 2014 (HKLM-x32\...\MX.{146DFB48-B585-48B9-A407-16DD6F686550}) (Version: 13.0.0.28 - MAGIX AG)

MAGIX Movie Edit Pro 2014 (Version: 13.0.0.28 - MAGIX AG) Hidden

MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{6897F803-51A2-4305-B81D-7DAC3EFA6367}) (Version: 7.0.1.27 - MAGIX AG)

MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

M-Audio USB MIDI Series Driver 5.0.1 (x64) (HKLM\...\{32ED2629-C9B1-4C29-A32A-F3E04A5EE303}) (Version: 5.0.1 - M-Audio)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Money (HKLM-x32\...\{019210C1-32C8-423C-BEFD-763C8E7A188F}) (Version: 11.0.120 - Microsoft)

Microsoft Money System Pack (HKLM-x32\...\{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}) (Version: 11.0.120 - Microsoft)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Midnight 1.6 (HKLM\...\Midnight_is1) (Version: 1.6 - Focusrite)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MusicTime Deluxe 3.5.5 (HKLM-x32\...\MusicTime Deluxe 3.5.5) (Version:  - )

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)

NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden

Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)

Steinberg Cubase LE 4 (HKLM-x32\...\{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}) (Version: 4.0.3.2233 - Steinberg Media Technologies GmbH)

Syncrosoft License Control (HKLM-x32\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1496942062-3818417186-1800515790-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

26-03-2015 04:00:18 Windows Update

26-03-2015 22:00:32 Windows Backup

27-03-2015 09:42:20 McAfee Vulnerability Scanner

27-03-2015 22:00:28 Windows Backup

28-03-2015 22:00:32 Windows Backup

29-03-2015 21:00:58 Windows Backup

30-03-2015 21:00:32 Windows Backup

31-03-2015 21:00:35 Windows Backup

01-04-2015 21:00:19 Windows Backup

02-04-2015 21:00:28 Windows Backup

03-04-2015 09:44:19 McAfee Vulnerability Scanner

03-04-2015 21:00:43 Windows Backup

04-04-2015 21:00:26 Windows Backup

05-04-2015 03:00:21 Windows Update

05-04-2015 21:01:08 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {00CC4095-B9B2-42FA-962C-66C468BA5B90} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {05BE61D3-9610-4490-B76A-CABB890E1904} - System32\Tasks\{34A8EE7B-6C96-45E2-8DF9-35BBB81355D6} => pcalua.exe -a R:\Setup.EXE -d R:\

Task: {12E969B2-8AB7-407B-9679-DA3F7F2FFAD3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {1411CA66-9DF1-415D-BCFA-D78EF9612A01} - System32\Tasks\{A11818B2-7F72-4FB3-9290-0DAD09701132} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe" -d C:\Windows\system32

Task: {1892CBF8-8A99-4F51-BB52-6D81964CD1C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {29E6C302-62EA-49B6-B6C0-B8047DAD9631} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)

Task: {2B5C6F67-DC42-49AF-8C4B-E2C8FDDFDF3A} - System32\Tasks\{E7251A8B-E1B0-4218-9F70-8EC3D0A2E370} => pcalua.exe -a F:\Autorun.exe -d F:\

Task: {38EEF744-D6DC-4720-9831-79847498ACCE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-27] (Adobe Systems Incorporated)

Task: {53D049E4-DD99-4DA2-B549-DE3DFA76EAB1} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {5C447ECD-6074-4A4D-8767-562E367E53B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {5CECAE46-C132-419B-81CA-DA4AB2901C42} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)

Task: {6863C041-6969-4E94-A4AD-220979362665} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {79773AB7-692F-4B27-98D5-963D85CC0043} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()

Task: {7EC252D0-2FF9-4D38-8987-C8B9F233BE30} - System32\Tasks\{CAD7C447-69EF-4B18-A708-08D3A8FB073F} => pcalua.exe -a C:\Lxkx75\PROGRAM\32\Setup32.exe -d C:\Lxkx75\PROGRAM\32

Task: {86D10B9D-73F9-4843-9AE7-D7CF4F2A5F51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {A1943436-E1FC-4B0C-8E51-334BA6F6E1CF} - System32\Tasks\{2AE317E9-D81C-4CF9-8EE6-EE1E8F438B5A} => pcalua.exe -a "F:\Cubase LE 4 for Windows\Additional Content\Copy Protection Driver\SyncrosoftLicenseControlSetup.exe" -d "F:\Cubase LE 4 for Windows\Additional Content\Copy Protection Driver"

Task: {A92EA05E-6741-4F6F-A149-8EC43498CC20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {AE5219AA-D3B2-4E7B-957C-283EC8243177} - System32\Tasks\{32747A74-30A4-45EE-A523-4E1D842B3DC0} => pcalua.exe -a F:\setup.exe -d F:\

Task: {BD98ADF2-9478-4DE1-998B-5BDF8BA08324} - System32\Tasks\{1C73B091-3581-4FA9-BA61-1E2157A20E18} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.9.0.114&LastError=404

Task: {D9664778-C9A2-4539-BBFF-5F0337D24A55} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()

Task: {EB8C8ADD-3214-4158-B6FD-761691BDA546} - System32\Tasks\WebReg HP Deskjet D5500 Series => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

Task: {F20D0FA2-FB4E-49BD-83D7-FE605546AD7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {F9F8471E-205E-4BCC-9802-F29D56A0F2DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

 

==================== Loaded Modules (whitelisted) ==============

 

2012-09-20 10:45 - 2012-08-18 09:28 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-19 19:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-03-19 19:52 - 2015-03-19 19:52 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-04-05 09:38 - 2015-04-05 09:38 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyamtar.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\John\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

2015-04-03 09:40 - 2015-03-30 22:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1496942062-3818417186-1800515790-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1496942062-3818417186-1800515790-500 - Administrator - Disabled)

Guest (S-1-5-21-1496942062-3818417186-1800515790-501 - Limited - Disabled) => C:\Users\Guest

HomeGroupUser$ (S-1-5-21-1496942062-3818417186-1800515790-1002 - Limited - Enabled)

John (S-1-5-21-1496942062-3818417186-1800515790-1001 - Administrator - Enabled) => C:\Users\John

UpdatusUser (S-1-5-21-1496942062-3818417186-1800515790-1003 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/06/2015 02:45:43 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/06/2015 05:36:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/05/2015 08:20:20 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/05/2015 08:20:19 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/05/2015 08:17:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/05/2015 08:04:58 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (04/05/2015 07:59:15 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

Error: (04/06/2015 01:02:12 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:02:08 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:02:06 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:02:03 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:59 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:56 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:53 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:50 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:47 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

Error: (04/06/2015 01:01:44 PM) (Source: Disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk2\DR2, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (04/06/2015 02:45:43 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (04/06/2015 05:36:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\users\john\downloads\esetsmartinstaller_enu.exe

 

Error: (04/05/2015 08:20:20 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

 

Error: (04/05/2015 08:20:19 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Desktop\esetsmartinstaller_enu.exe

 

Error: (04/05/2015 08:17:29 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

 

Error: (04/05/2015 08:04:58 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

 

Error: (04/05/2015 07:59:15 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\John\Downloads\esetsmartinstaller_enu.exe

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU 530 @ 2.93GHz

Percentage of memory in use: 38%

Total physical RAM: 3959.08 MB

Available physical RAM: 2419.91 MB

Total Pagefile: 9895.27 MB

Available Pagefile: 6716.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (600 GB Internal Disk) (Fixed) (Total:583.46 GB) (Free:394.19 GB) NTFS

Drive d: (DO NOT OPEN FACTORY_IMAGE) (Fixed) (Total:12.61 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (300 GB Local Disk) (Fixed) (Total:298.09 GB) (Free:289.32 GB) NTFS

Drive k: (1 TB external drive) (Fixed) (Total:931.51 GB) (Free:239 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=583.5 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 9A880D3D)

Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 931.5 GB) (Disk ID: 51747E54)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[deeprybka]

Hi,

please copy&paste the following text into the URL-linie of your chrome-browser:

chrome://settings/homePageOverlay

and delete the //www.trovi.com entry manually.

[bromsongsmith]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 06/04/2015

Scan Time: 18:27:23

Logfile: 

Administrator: Yes

 

Version: 2.01.4.1018

Malware Database: v2015.04.06.07

Rootkit Database: v2015.03.31.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: John

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 449979

Time Elapsed: 30 min, 59 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Trovi.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: (   "homepage": "http://www.trovi.com/?gd=&ctid=CT3325871&octid=EB_ORIGINAL_CTID&ISID=71d7a3bf-b372-44ff-8313-3cab703cb7bf&SearchSource=55&CUI=&UM=6&UP=SP397D0EA7-095B-4BA5-A6AF-3EC0F310AAAA&SSPV=",),Replaced,[2e31c1a8d1b982b415010a2d679fb24e]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

THANK YOU FOR  YOUR HELP WITH MY PROBLEM  SO FAR.  WHEN WE HAVE SOLVED THE PROBLEM I WILL BE UPGRADING TO MALWAREBYTES PREMIUM.  I WILL ALSO BE HAPPY TO MAKE A DONATION VIA PAYPAL>

[deeprybka]

Please do the following:

 

Hi,

please copy&paste the following text into the URL-linie of your chrome-browser:

chrome://settings/homePageOverlay

and delete the //www.trovi.com entry manually.

 

Reboot your PC. Repeat the step "please copy&paste the following text into the URL-linie of your chrome-browser:
chrome://settings/homePageOverlay" Is that entry gone?

[bromsongsmith]

I don't understand what you instruct me.  You say 

 

Posted Today, 06:39 PM

Hi,

please copy&paste the following text into the URL-linie of your chrome-browser:

chrome://settings/homePageOverlay

and delete the //www.trovi.com entry manually.

 

 

I HAVE COPIED AND PASTED chrome://settings/homePageOverlay INTO THE URL_LINE OF MY CHROME BROWSER but I do not understand your instruction, "Delete the //www.trovi.com entry".

 

Where, or how, do I do this?

 

When I paste chrome://settings/homePageOverlay INTO THE URL_LINE OF MY CHROME BROWSER, and click enter, all I see is my CHROME 'Settings' page with many options

 

I don't see anywhere to 'DELETE' www.trovi.com 

 

Please be patient with me.  Am I doing something wrong?

[deeprybka]

Copy & Paste it into the URL line, press enter. Now a Window should pop up. There must be an entry...

[bromsongsmith]

Please ignore my last Post because I have succeeded in following your instruction.  I have deleted the entry www.trovi.com.

 

Following a reboot, I confirm that the entry is no longer there.

 

Malwarebytes scan now reports no recurrence of PUP.Optional.Trovi.A

 

Thank you for your excellent support.

 

Best regards,

John

[deeprybka]

You are welcome!

It's good to hear that your problems appear to be solved.

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

• You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
• Download DelFix (by Xplode) and save it to your Desktop.
  • Close all running programs and start delfix.exe.
  • Make sure that all available options are checked.
  • Click on Run
  • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
• If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

[bromsongsmith]

Jurgen,

 

Once again I thank you.  Your advice to 'Clean up' has been applied and I will try and be more cautious about downloads/free software/bundles in future !

 

I hope your employer (Malwarebytes) realises what an asset you are to their brand.

 

As a result of the confidence I have gained from your your support, I have upgraded from 'Free' Malawarebytes, to 'Premium' Malwarebytes.

 

I wish you health and happiness my internet friend...

 

John

[deeprybka]

Thank you very much!

The same to you!

 

 

I hope your employer (Malwarebytes) realises what an asset you are to their brand.

 

I am only a volunteer.