Jump to content

Browser extensions self-installing, folders with random characters appearing in ProgramData


Recommended Posts

The only symptoms are described in the title. Began about a week ago, I'd been streaming video with Chrome and suddenly the advertisements started ignoring my ABP. Did not have Firefox open at the time, but Firefox was also affected with similar symptoms, random adware extensions downloading and running. 

I found the two random-character folders in ProgramData while following instructions for removal of one of the extensions, trying to figure out where they might be coming from. I couldn't delete them at first, they were a regular pain in the rear end until I took ownership of the folders and toyed with permissions for a while. I don't know if they're related to the adware issue, but I did want to make them known just in case. 

Reinstalled Chrome clean just a few days ago when the browser refused to let me download an extension I actually wanted to download. That fixed the problem. Ran MBAM the same night and found a PUP (can't remember what kind or the full name) as well as IndepthEdit issues, all removed. Today's MBAM quick scan resulted in no threats. 

Uninstalled uTorrent. I think all torrent files are gone.

Thank you in advance! 

 

 

FRST Log: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Mel (administrator) on MEL-PC on 16-04-2015 12:24:09
Running from C:\Users\Mel\Desktop
Loaded Profiles: Mel (Available profiles: Mel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Telstra Corporation Ltd.) C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Curse) C:\Users\Mel\AppData\Local\Apps\2.0\AE2VXK7Y.JT9\VBT3C43B.BQY\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Dropbox, Inc.) C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(LULU Software Limited) C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe
(Alcatel-Lucent) C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\MAHostService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Joyent, Inc) C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\node.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Office15\POWERPNT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Office15\POWERPNT.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe [2905088 2014-09-11] (Telstra Corporation Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [steelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] => C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe [1945600

2011-10-03] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\Run: [battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-04-07] (Blizzard Entertainment)
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\MountPoints2: {2fcb64f1-7b01-11e4-97b0-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\MountPoints2: {b14562e9-0077-11e4-8149-806e6f6e6963} - D:\Gw2Setup.exe
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-2667224228-1020230360-1385556155-1000] => localhost:21320
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-2667224228-1020230360-1385556155-1000 -> DefaultScope {94586F80-A0BB-43C0-A448-910A55301690} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2667224228-1020230360-1385556155-1000 -> {94586F80-A0BB-43C0-A448-910A55301690} URL = https://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\8dbm1mur.default-1421694296002
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://gmail.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [2014-09-11] (Windstream)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Windstream)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll No File
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll No File
FF Plugin-x32: Soda PDF 3D Reader -> C:\Program Files (x86)\Soda PDF 3D Reader\np-previewer.dll [2015-01-16] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2667224228-1020230360-1385556155-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2667224228-1020230360-1385556155-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies

ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-21] (Apple Inc.)
FF Extension: Windstream Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-04-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-08]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_3d_reader@sodapdf.com] - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
FF Extension: Soda PDF 3D Reader Creator - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2015-03-29]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Drive) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-15]
CHR Extension: (YouTube) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-15]
CHR Extension: (Adblock Plus) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-15]
CHR Extension: (Google Search) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-15]
CHR Extension: (Windstream Extension) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-04-15]
CHR Extension: (Video Downloader professional) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (Bookmark Manager) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Voice Recognition) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-04-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-04-15]
CHR Extension: (The Great Suspender) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Skype Click to Call) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-15]
CHR Extension: (Gmail) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [786232 2015-01-16] (LULU SOFTWARE LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SODA Manager; C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe [868688 2015-01-29] (LULU Software Limited)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1862456 2015-01-16] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623416 2015-01-16] (LULU SOFTWARE LIMITED)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windstream MAHostService; C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\MAHostService.exe [321024 2014-09-11] (Alcatel-Lucent) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-26] (Sagatek Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 12:24 - 2015-04-16 12:24 - 00027474 _____ () C:\Users\Mel\Desktop\FRST.txt
2015-04-16 12:23 - 2015-04-16 12:24 - 00000000 ____D () C:\FRST
2015-04-16 12:19 - 2015-04-16 12:23 - 02097664 _____ (Farbar) C:\Users\Mel\Desktop\FRST64.exe
2015-04-16 12:00 - 2015-04-16 12:00 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_205F
2015-04-16 10:55 - 2015-04-16 10:55 - 00000000 ____D () C:\Users\Mel\AppData\Local\Macromedia
2015-04-15 13:35 - 2015-04-16 11:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 13:35 - 2015-04-15 13:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 13:35 - 2015-04-15 13:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 13:35 - 2015-04-15 13:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 13:35 - 2015-04-15 13:35 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-15 01:15 - 2015-04-15 01:15 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 01:15 - 2015-04-15 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-15 01:08 - 2015-04-16 12:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 01:08 - 2015-04-16 09:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 01:08 - 2015-04-15 01:08 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-15 01:08 - 2015-04-15 01:08 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-15 01:04 - 2015-04-15 01:04 - 00002308 _____ () C:\Users\Mel\Downloads\software_removal_tool.log
2015-04-15 00:52 - 2015-04-15 01:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-15 00:47 - 2015-04-15 01:18 - 00000000 ____D () C:\Users\Mel\Desktop\mbar
2015-04-15 00:16 - 2015-04-16 12:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 00:16 - 2015-04-15 00:20 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mel\Downloads\mbar-1.09.1.1004.exe
2015-04-15 00:16 - 2015-04-15 00:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 00:16 - 2015-04-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 00:15 - 2015-04-15 00:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 00:15 - 2015-04-15 00:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 00:15 - 2015-04-15 00:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 00:15 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 00:15 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 00:09 - 2015-04-15 00:12 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Mel\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 22:58 - 2015-04-14 22:58 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mel\Downloads\RootkitRevealer.exe
2015-04-14 22:54 - 2015-04-14 22:54 - 00588816 _____ () C:\Users\Mel\Downloads\Autoruns.zip
2015-04-14 22:44 - 2015-04-14 22:55 - 00000000 ____D () C:\Users\Mel\Desktop\rootkit revealer
2015-04-14 22:44 - 2015-04-14 22:44 - 00231390 _____ () C:\Users\Mel\Downloads\RootkitRevealer.zip
2015-04-14 21:32 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:32 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:32 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:32 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:32 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:32 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:32 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:32 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:32 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:32 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:32 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:32 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:32 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:32 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:32 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:32 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:32 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:32 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:32 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:32 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:32 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:32 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:32 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:32 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:32 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:32 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:32 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:32 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:32 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:32 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:32 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:32 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:32 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:32 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:32 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:32 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:32 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:32 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:32 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:32 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:32 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:32 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:32 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:32 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:32 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:32 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:32 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:32 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:32 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:32 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:32 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:32 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:32 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:32 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:32 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:32 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:32 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:31 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 18:05 - 2015-04-14 18:05 - 00000355 _____ () C:\Users\Mel\Desktop\Computer - Shortcut (2).lnk
2015-04-14 17:02 - 2015-04-14 18:39 - 00000000 ____D () C:\Users\Mel\Desktop\backups
2015-04-14 17:02 - 2015-04-14 17:02 - 00012748 _____ () C:\Users\Mel\Desktop\hijackthis.log
2015-04-14 16:59 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 16:59 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 16:59 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 16:59 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 16:59 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 16:57 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 16:57 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 16:57 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 16:56 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 16:56 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 16:51 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 16:51 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:51 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 16:51 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 16:46 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 16:46 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 16:46 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 16:46 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 16:46 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 16:46 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 16:46 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 16:46 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:41 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 16:12 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 16:12 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 16:12 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 16:43 - 2015-04-13 17:30 - 00005637 _____ () C:\ads_err.adt
2015-04-13 16:43 - 2015-04-13 16:44 - 00003072 _____ () C:\ads_err.adi
2015-04-13 16:43 - 2015-04-13 16:43 - 00004136 _____ () C:\ads_err.adm
2015-04-13 16:40 - 2015-04-13 16:40 - 00000000 ____D () C:\SUPPORT
2015-04-13 16:40 - 2015-04-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revenue Management
2015-04-13 16:39 - 2015-04-13 16:39 - 00000856 _____ () C:\Users\Public\Desktop\Office Hours Professional Demo.lnk
2015-04-13 16:39 - 2015-04-13 16:39 - 00000845 _____ () C:\Users\Public\Desktop\Medisoft Advanced Demo.lnk
2015-04-13 16:39 - 2015-04-13 16:39 - 00000814 _____ () C:\Users\Public\Desktop\Work Administrator.lnk
2015-04-13 16:39 - 2015-04-13 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medisoft
2015-04-13 16:38 - 2015-04-13 17:09 - 00000000 ____D () C:\MediData
2015-04-13 16:37 - 2015-04-13 16:38 - 00000000 ____D () C:\Medisoft DEMO DEMO
2015-04-13 16:37 - 2015-04-13 16:37 - 00000533 _____ () C:\Windows\KB893803v2.log
2015-04-13 16:37 - 2015-04-13 16:37 - 00000000 ____D () C:\ProgramData\Medisoft
2015-04-13 16:36 - 2015-04-13 16:36 - 00000000 ____D () C:\Program Files (x86)\Medisoft
2015-04-11 22:08 - 2015-04-11 22:08 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_38CF
2015-04-11 14:32 - 2015-04-11 19:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 14:32 - 2015-04-11 14:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-11 14:32 - 2015-04-11 14:32 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-11 14:32 - 2015-04-11 14:32 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-11 14:32 - 2015-04-11 14:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-11 14:32 - 2015-04-11 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-11 14:32 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-11 13:55 - 2015-04-11 14:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mel\Downloads\spybot-2.4.exe
2015-04-11 13:41 - 2015-04-11 13:41 - 00000000 ____D () C:\Users\Mel\Downloads\backups
2015-04-11 13:33 - 2015-04-11 13:33 - 00012778 _____ () C:\Users\Mel\Downloads\hijackthis.log
2015-04-11 13:31 - 2015-04-11 13:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mel\Desktop\HijackThis.exe
2015-04-11 13:17 - 2015-04-15 00:36 - 00000000 ____D () C:\Program Files (x86)\IndepthEdit
2015-04-11 13:14 - 2015-04-14 15:15 - 00000020 _____ () C:\Users\Mel\AppData\Roaming\appdataFr3.bin
2015-04-08 22:34 - 2015-04-09 23:05 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\.minecraft
2015-04-08 22:34 - 2015-04-08 22:34 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\java
2015-04-08 22:15 - 2015-04-08 22:33 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-04-08 22:15 - 2015-04-08 22:15 - 00000961 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-04-08 22:15 - 2015-04-08 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-04-08 22:11 - 2015-04-08 22:12 - 02314240 _____ () C:\Users\Mel\Downloads\MinecraftInstaller.msi
2015-04-08 12:05 - 2015-04-11 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 21:15 - 2015-04-05 21:15 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 21:15 - 2015-04-05 21:15 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 19:11 - 2015-04-05 19:15 - 00000000 ____D () C:\Users\Mel\Desktop\Camera phone 04-06
2015-03-31 08:42 - 2015-03-31 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 08:42 - 2015-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-29 23:33 - 2015-03-29 23:33 - 00001022 _____ () C:\Users\Public\Desktop\Soda PDF 3D Reader.lnk
2015-03-29 23:32 - 2015-03-29 23:37 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Soda PDF 3D Reader
2015-03-29 23:32 - 2015-03-29 23:32 - 00000000 ____D () C:\ProgramData\LULU Software
2015-03-29 23:31 - 2015-03-30 00:10 - 00000000 ____D () C:\Users\Mel\Documents\Soda PDF Files
2015-03-29 23:31 - 2015-03-29 23:32 - 00000000 ____D () C:\Program Files (x86)\Soda PDF 3D Reader
2015-03-29 23:31 - 2015-03-29 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 3D Reader
2015-03-29 23:29 - 2015-03-29 23:29 - 00000000 ____D () C:\ProgramData\Soda PDF 3D Reader
2015-03-29 23:28 - 2015-03-29 23:59 - 00000000 ____D () C:\Users\Mel\Downloads\The Walking Dead Comics 1-134 + Specials
2015-03-29 23:28 - 2015-03-29 23:28 - 05971544 _____ (LULU Software Limited) C:\Users\Mel\Downloads\Soda_3D_7_Installer.exe
2015-03-28 16:38 - 2015-03-28 16:38 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-03-28 16:26 - 2015-03-28 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series User Registration
2015-03-28 16:23 - 2015-03-28 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series Manual
2015-03-28 16:09 - 2015-04-09 15:29 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-28 16:09 - 2015-03-28 16:09 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-03-28 16:07 - 2015-03-28 16:08 - 50908760 _____ () C:\Users\Mel\Downloads\win-mx470-1_0-ucd.exe
2015-03-24 19:01 - 2015-03-24 19:01 - 00000022 _____ () C:\Users\Mel\Downloads\Index Php Calico Jack Spiced R Downloader.zip
2015-03-20 22:54 - 2015-03-20 22:54 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_3C58

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 11:49 - 2014-06-30 10:20 - 00000000 ____D () C:\Users\Mel\AppData\Local\Deployment
2015-04-16 11:43 - 2014-08-17 14:29 - 00000000 ____D () C:\Users\Mel\AppData\Local\LogMeIn Hamachi
2015-04-16 11:09 - 2014-06-30 13:00 - 01300344 _____ () C:\Windows\WindowsUpdate.log
2015-04-16 10:50 - 2015-01-12 18:12 - 00000000 ____D () C:\Users\Mel\AppData\Local\Battle.net
2015-04-16 10:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-04-16 09:57 - 2015-01-08 18:37 - 00000000 ____D () C:\Users\Mel\AppData\Local\Adobe
2015-04-16 09:56 - 2009-07-14 00:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-16 09:56 - 2009-07-14 00:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-16 09:50 - 2014-06-30 10:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB52D448-0961-4830-9779-72FC4E3589E8}
2015-04-16 09:49 - 2015-01-14 18:49 - 00000000 ____D () C:\Program Files (x86)\Windstream Support Center
2015-04-16 09:49 - 2014-07-15 08:48 - 00000000 ___RD () C:\Users\Mel\Dropbox
2015-04-16 09:49 - 2014-07-15 08:45 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Dropbox
2015-04-16 09:48 - 2009-07-14 00:51 - 00145704 _____ () C:\Windows\setupact.log
2015-04-16 09:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-16 09:46 - 2014-06-30 10:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-15 23:36 - 2014-08-31 22:54 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Mumble
2015-04-15 03:25 - 2010-11-20 23:47 - 00167988 _____ () C:\Windows\PFRO.log
2015-04-15 03:09 - 2015-01-18 23:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-15 03:09 - 2015-01-18 23:24 - 00000000 ____D () C:\Program Files (x86)\Office15
2015-04-15 03:08 - 2015-01-18 23:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:04 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-15 01:15 - 2014-06-30 10:20 - 00000000 ____D () C:\Users\Mel\AppData\Local\Google
2015-04-15 01:15 - 2014-06-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-15 00:36 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2015-04-15 00:36 - 2009-07-14 01:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 23:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-14 23:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-14 19:15 - 2014-12-19 14:36 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 19:15 - 2014-06-30 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 19:00 - 2014-06-30 10:48 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 19:00 - 2009-07-14 01:13 - 00773912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 18:58 - 2014-06-30 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 18:52 - 2014-06-30 11:56 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 15:28 - 2014-07-01 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-14 15:28 - 2014-07-01 14:38 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-14 15:28 - 2014-06-30 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-13 19:25 - 2009-07-14 00:45 - 05076568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-13 19:20 - 2014-06-30 10:20 - 00118072 _____ () C:\Users\Mel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 13:40 - 2015-01-08 18:14 - 00000000 ____D () C:\Program Files\Canon
2015-04-12 13:40 - 2015-01-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-12 02:01 - 2014-12-29 01:17 - 00000000 ____D () C:\Users\Mel\AppData\Local\Plex Media Server
2015-04-11 20:22 - 2015-02-11 14:09 - 00000000 ____D () C:\Users\Mel\AppData\Local\AddLive_v3
2015-04-11 13:43 - 2014-07-01 19:35 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Skype
2015-04-11 13:31 - 2014-06-30 10:10 - 00000000 ____D () C:\Users\Mel\AppData\Local\VirtualStore
2015-04-09 22:12 - 2014-07-15 08:48 - 00001009 _____ () C:\Users\Mel\Desktop\Dropbox.lnk
2015-04-09 22:12 - 2014-07-15 08:46 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 21:13 - 2014-11-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 18:23 - 2015-01-12 18:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 16:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-06 22:32 - 2014-07-02 08:13 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\vlc
2015-04-06 20:44 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Mel\Desktop\School
2015-04-06 20:14 - 2015-01-12 18:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-31 08:42 - 2014-08-17 14:28 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-03-30 15:25 - 2014-09-04 11:15 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-29 13:02 - 2014-06-30 10:10 - 00000000 ____D () C:\Users\Mel
2015-03-28 16:26 - 2015-01-08 18:19 - 00002025 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-03-28 16:26 - 2015-01-08 18:19 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-03-28 16:26 - 2015-01-08 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-03-28 16:23 - 2015-01-08 18:14 - 00002358 _____ () C:\Users\Public\Desktop\Canon MX470 series On-screen Manual.lnk
2015-03-20 12:21 - 2014-10-16 03:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-20 12:21 - 2014-07-01 19:35 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-04-11 13:14 - 2015-04-14 15:15 - 0000020 _____ () C:\Users\Mel\AppData\Roaming\appdataFr3.bin
2014-08-26 20:49 - 2014-08-26 20:49 - 0000008 _____ () C:\Users\Mel\AppData\Roaming\Lucid_player_highscore.dat
2014-08-26 20:49 - 2014-08-26 20:49 - 0000212 _____ () C:\Users\Mel\AppData\Roaming\Lucid_player_profiles_data.dat
2014-07-03 10:34 - 2014-09-03 11:16 - 0010752 _____ () C:\Users\Mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Mel\AppData\Local\Temp\ChangeMSIProductCode.exe
C:\Users\Mel\AppData\Local\Temp\ChkClientInst.exe
C:\Users\Mel\AppData\Local\Temp\CTreeInstallValidation.exe
C:\Users\Mel\AppData\Local\Temp\CTreeServ.exe
C:\Users\Mel\AppData\Local\Temp\DeleteFolder.exe
C:\Users\Mel\AppData\Local\Temp\DeleteShortCut.exe
C:\Users\Mel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphv147g.dll
C:\Users\Mel\AppData\Local\Temp\FHXPFVWCFDT.exe
C:\Users\Mel\AppData\Local\Temp\GEEATVQG.exe
C:\Users\Mel\AppData\Local\Temp\ini2cmd.exe
C:\Users\Mel\AppData\Local\Temp\ini2msi.exe
C:\Users\Mel\AppData\Local\Temp\JJ.exe
C:\Users\Mel\AppData\Local\Temp\KillProcess.dll
C:\Users\Mel\AppData\Local\Temp\KillProcess.exe
C:\Users\Mel\AppData\Local\Temp\ModifyMSIProductCode.exe
C:\Users\Mel\AppData\Local\Temp\QBZ.exe
C:\Users\Mel\AppData\Local\Temp\SwapText.exe
C:\Users\Mel\AppData\Local\Temp\VLHTI.exe
C:\Users\Mel\AppData\Local\Temp\VPBZQUFHRR.exe
C:\Users\Mel\AppData\Local\Temp\WUSKOHQMU.exe
C:\Users\Mel\AppData\Local\Temp\Y.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 16:09

==================== End Of Log ============================



When I tried to post the topic with Addition.txt, the post editor said I had to shorten the post 'a little'. Very unhelpful. Can we get a max character counter please?

Addition.txt

Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

1. Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

You can also use this version of RogueKiller which works on both 32 and 64 bit:

RogueKiller 32 & 64 bit

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Sometimes when clearing out an infection the winsock stack will become corrupt and you'll loose your internet connection. To resolve this....reset the stack as outlined HERE

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

Thanks, Mister Charlie. Say, I thought I'd gotten rid of all p2p software, could you please point out trouble you find? MS Office is mine legally, required by my school. Other than that I can't think of any remnants from my rebel days that should be remaining on the computer. 

Scanning with MBAM now. 

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2015
Scan Time: 9:44:08 PM
Logfile: log.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.18.01
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357994
Time Elapsed: 15 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




 

RogueKiller V10.5.10.0 (x64) [Apr 14 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mel [Administrator]
Started from : C:\Users\Mel\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 04/17/2015  22:26:54
 
¤¤¤ Processes : 2 ¤¤¤
[suspicious.Path] CurseClient.exe(1784) -- C:\Users\Mel\AppData\Local\Apps\2.0\AE2VXK7Y.JT9\VBT3C43B.BQY\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe[-] -> Killed [TermProc]
[suspicious.Path] Soda Manager.exe(3168) -- C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 9 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SODA Manager ("C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SODA Manager ("C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe") -> Found
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SODA Manager ("C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe") -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2667224228-1020230360-1385556155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2667224228-1020230360-1385556155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 8dbm1mur.default-1421694296002 : user_pref("browser.startup.homepage", "http://gmail.com/");-> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010KLA330 ATA Device +++++
--- User ---
[MBR] 80da951f16e46c7358ababe4467c4e97
[bSP] d74fb021b6d94ef1c36e7da6f84c9bd9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

---

Thank you again, MrC. Gorgeous pups, there. 
Link to post
Share on other sites

Make sure you have created a restore point and.....
bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Please uninstall Spybot - Search & Destroy , it may interfere with the cleaning process.

    Also please uninstall this program:
    LighterSystem

    =================================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ==========================

    Lets check for any adware/spyware now:

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Clean out temp files:

    Download TFC from here and save it to your desktop.
    http://oldtimer.geekstogo.com/TFC.exe
    http://www.bleepingcomputer.com/download/tfc/dl/92/
    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    Last:

    Please Update and run a Threat Scan (Malwarebytes)
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC

fixlist.txt

Link to post
Share on other sites

When I attempted to uninstall LighterSystem, I received a popup error that read, "There was a problem starting C:\PROGRA~2\INDEPT~1\INDEPT~1.DLL".

 

Can I reinstall Spybot when we're all finished? 


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by Mel at 2015-04-18 08:52:30 Run:1
Running from C:\Users\Mel\Desktop
Loaded Profiles: Mel (Available profiles: Mel)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [s-1-5-21-2667224228-1020230360-1385556155-1000] => localhost:21320
 
*****************
 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 
==== End of Fixlog 08:52:30 ====


# DelFix v10.9 - Logfile created 18/04/2015 at 08:46:32
# Updated 27/02/2015 by Xplode
# Username : Mel - MEL-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Creating registry backup ... OK
 
########## - EOF - ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Ultimate x64
Ran by Mel on Sat 04/18/2015 at  9:17:28.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/18/2015 at  9:19:55.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thanks for your help! :) 
Link to post
Share on other sites

Can I reinstall Spybot when we're all finished?

Yes you can


Did you run AdwCleaner???? Log??

======================================

Please let me know what problems exist now......give me detailed information please.

=====================================

Please re-scan with FRST and Make sure the Addition Box is checked.
Post or attach the 2 logs FRST.txt and Addition.txt

MrC

Link to post
Share on other sites

Addition.txtApologies, forgot about the log, but I did run the scan. No new symptoms, computer seems to be behaving itself nicely.

# AdwCleaner v4.201 - Logfile created 18/04/2015 at 08:57:03
# Updated 08/04/2015 by Xplode
# Database : 2015-04-18.3 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Mel - MEL-PC
# Running from : C:\Users\Mel\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\c8449833-e575-8169-d9af-50797cee3ae3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6040a42c}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
[8dbm1mur.default-1421694296002\prefs.js] - Line Deleted : user_pref("extensions.4u5PDhFhM2JvZUOp.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjw4rTn6rTrHrHC6qHg4rTU9pdU\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
 
-\\ Google Chrome v42.0.2311.90
 
 
*************************
 
AdwCleaner[R0].txt - [2251 bytes] - [18/04/2015 08:54:58]
AdwCleaner[s0].txt - [2209 bytes] - [18/04/2015 08:57:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2268  bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Mel (administrator) on MEL-PC on 18-04-2015 14:58:17
Running from C:\Users\Mel\Desktop
Loaded Profiles: Mel (Available profiles: Mel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Telstra Corporation Ltd.) C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe
(Curse) C:\Users\Mel\AppData\Local\Apps\2.0\AE2VXK7Y.JT9\VBT3C43B.BQY\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Dropbox, Inc.) C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe
(Alcatel-Lucent) C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\MAHostService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Joyent, Inc) C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\node.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\pcTrayApp.exe [2905088 2014-09-11] (Telstra Corporation Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [steelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] => C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe [1945600 2011-10-03] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\Run: [battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-04-07] (Blizzard Entertainment)
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\MountPoints2: {2fcb64f1-7b01-11e4-97b0-806e6f6e6963} - D:\AUTORUN.EXE
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\...\MountPoints2: {b14562e9-0077-11e4-8149-806e6f6e6963} - D:\Gw2Setup.exe
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2667224228-1020230360-1385556155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2667224228-1020230360-1385556155-1000 -> {94586F80-A0BB-43C0-A448-910A55301690} URL = https://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\8dbm1mur.default-1421694296002
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://gmail.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll [2014-09-11] (Windstream)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Windstream)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll No File
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll No File
FF Plugin-x32: Soda PDF 3D Reader -> C:\Program Files (x86)\Soda PDF 3D Reader\np-previewer.dll [2015-01-16] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2667224228-1020230360-1385556155-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Mel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2667224228-1020230360-1385556155-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-21] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-21] (Apple Inc.)
FF Extension: Windstream Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-04-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-08]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_3d_reader@sodapdf.com] - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
FF Extension: Soda PDF 3D Reader Creator - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2015-03-29]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Drive) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-15]
CHR Extension: (YouTube) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-15]
CHR Extension: (Adblock Plus) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-15]
CHR Extension: (Google Search) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-15]
CHR Extension: (Windstream Extension) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-04-15]
CHR Extension: (Video Downloader professional) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (Bookmark Manager) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Voice Recognition) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-04-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-04-15]
CHR Extension: (The Great Suspender) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-15]
CHR Extension: (Gmail) - C:\Users\Mel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [786232 2015-01-16] (LULU SOFTWARE LIMITED)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-22] (Alcatel-Lucent) [File not signed]
S2 SODA Manager; C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe [868688 2015-01-29] (LULU Software Limited)
S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1862456 2015-01-16] (LULU SOFTWARE LIMITED)
R2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623416 2015-01-16] (LULU SOFTWARE LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windstream MAHostService; C:\Program Files (x86)\Windstream Support Center\9.0.0.209\ma\bin\MAHostService.exe [321024 2014-09-11] (Alcatel-Lucent) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-26] (Sagatek Co. Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-18 09:21 - 2015-04-18 09:21 - 00448512 _____ (OldTimer Tools) C:\Users\Mel\Desktop\TFC.exe
2015-04-18 09:19 - 2015-04-18 09:19 - 00000602 _____ () C:\Users\Mel\Desktop\JRT.txt
2015-04-18 09:04 - 2015-04-18 09:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEL-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-18 09:04 - 2015-04-18 09:04 - 00000000 ____D () C:\RegBackup
2015-04-18 09:03 - 2015-04-18 09:04 - 02686254 _____ (Thisisu) C:\Users\Mel\Desktop\JRT.exe
2015-04-18 08:54 - 2015-04-18 08:57 - 00000000 ____D () C:\AdwCleaner
2015-04-18 08:53 - 2015-04-18 08:54 - 00781312 _____ () C:\Users\Mel\Desktop\delfix_10.9 (1).exe
2015-04-18 08:53 - 2015-04-18 08:53 - 02217984 _____ () C:\Users\Mel\Desktop\adwcleaner_4.201.exe
2015-04-18 08:52 - 2015-04-18 08:52 - 00000000 ____D () C:\Users\Mel\Desktop\FRST-OlderVersion
2015-04-18 08:46 - 2015-04-18 08:49 - 00000318 _____ () C:\DelFix.txt
2015-04-18 08:46 - 2015-04-18 08:46 - 00000000 ____D () C:\Windows\ERUNT
2015-04-18 08:45 - 2015-04-18 08:46 - 00781312 _____ () C:\Users\Mel\Desktop\delfix_10.9.exe
2015-04-17 22:49 - 2015-04-17 22:50 - 00000000 ____D () C:\Users\Mel\AppData\Local\CrashDumps
2015-04-17 22:38 - 2015-04-17 22:38 - 00045993 _____ () C:\Users\Mel\Downloads\Addition.txt
2015-04-17 22:37 - 2015-04-17 22:37 - 00072041 _____ () C:\Users\Mel\Downloads\FRST.txt
2015-04-17 22:21 - 2015-04-17 23:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-17 22:21 - 2015-04-17 22:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-17 22:01 - 2015-04-17 22:20 - 20589656 _____ () C:\Users\Mel\Downloads\RogueKillerX64.exe
2015-04-17 14:29 - 2015-04-17 14:29 - 00000000 ____D () C:\SUPPORT
2015-04-17 14:29 - 2015-04-17 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revenue Management
2015-04-17 14:28 - 2015-04-17 14:28 - 00000821 _____ () C:\Users\Public\Desktop\Office Hours Professional  Demo.lnk
2015-04-17 14:28 - 2015-04-17 14:28 - 00000810 _____ () C:\Users\Public\Desktop\Medisoft Advanced Demo.lnk
2015-04-17 14:28 - 2015-04-17 14:28 - 00000779 _____ () C:\Users\Public\Desktop\Work Administrator.lnk
2015-04-17 14:28 - 2015-04-17 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medisoft
2015-04-17 14:27 - 2015-04-17 14:28 - 00000000 ____D () C:\Medisoft DEMO
2015-04-17 14:25 - 2015-04-17 14:25 - 00000000 ____D () C:\MediData
2015-04-17 14:24 - 2015-04-17 14:25 - 06163480 _____ () C:\Users\Mel\Downloads\CIMO8e.exe
2015-04-17 11:15 - 2015-04-17 11:15 - 05820916 _____ () C:\Users\Mel\Downloads\CIMO8e.zip
2015-04-16 21:51 - 2015-04-16 21:51 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_24FC
2015-04-16 12:25 - 2015-04-16 12:33 - 00039871 _____ () C:\Users\Mel\Desktop\Addition.txt
2015-04-16 12:24 - 2015-04-18 14:58 - 00026127 _____ () C:\Users\Mel\Desktop\FRST.txt
2015-04-16 12:23 - 2015-04-18 14:58 - 00000000 ____D () C:\FRST
2015-04-16 12:19 - 2015-04-18 08:52 - 02098176 _____ (Farbar) C:\Users\Mel\Desktop\FRST64.exe
2015-04-16 10:55 - 2015-04-16 10:55 - 00000000 ____D () C:\Users\Mel\AppData\Local\Macromedia
2015-04-15 13:35 - 2015-04-18 14:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 13:35 - 2015-04-15 13:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 13:35 - 2015-04-15 13:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 13:35 - 2015-04-15 13:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 13:35 - 2015-04-15 13:35 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-15 01:15 - 2015-04-15 01:15 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 01:15 - 2015-04-15 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-15 01:08 - 2015-04-18 14:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 01:08 - 2015-04-18 12:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 01:08 - 2015-04-15 01:08 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-15 01:08 - 2015-04-15 01:08 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-15 01:04 - 2015-04-15 01:04 - 00002308 _____ () C:\Users\Mel\Downloads\software_removal_tool.log
2015-04-15 00:52 - 2015-04-15 01:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-15 00:47 - 2015-04-15 01:18 - 00000000 ____D () C:\Users\Mel\Desktop\mbar
2015-04-15 00:16 - 2015-04-18 12:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 00:16 - 2015-04-15 00:20 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Mel\Downloads\mbar-1.09.1.1004.exe
2015-04-15 00:16 - 2015-04-15 00:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 00:16 - 2015-04-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 00:15 - 2015-04-15 00:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 00:15 - 2015-04-15 00:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 00:15 - 2015-04-15 00:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 00:15 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 00:15 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 00:09 - 2015-04-15 00:12 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Mel\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-14 22:58 - 2015-04-14 22:58 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mel\Downloads\RootkitRevealer.exe
2015-04-14 22:54 - 2015-04-14 22:54 - 00588816 _____ () C:\Users\Mel\Downloads\Autoruns.zip
2015-04-14 22:44 - 2015-04-14 22:55 - 00000000 ____D () C:\Users\Mel\Desktop\rootkit revealer
2015-04-14 22:44 - 2015-04-14 22:44 - 00231390 _____ () C:\Users\Mel\Downloads\RootkitRevealer.zip
2015-04-14 21:32 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:32 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:32 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:32 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:32 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:32 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:32 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:32 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:32 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:32 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:32 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:32 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:32 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:32 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:32 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:32 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:32 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:32 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:32 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:32 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:32 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:32 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:32 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:32 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:32 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:32 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:32 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:32 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:32 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:32 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:32 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:32 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:32 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:32 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:32 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:32 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:32 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:32 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:32 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:32 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:32 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:32 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:32 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:32 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:32 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:32 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:32 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:32 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:32 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:32 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:32 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:32 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:32 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:32 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:32 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:32 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:32 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:31 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 18:05 - 2015-04-14 18:05 - 00000355 _____ () C:\Users\Mel\Desktop\Computer - Shortcut (2).lnk
2015-04-14 17:02 - 2015-04-14 18:39 - 00000000 ____D () C:\Users\Mel\Desktop\backups
2015-04-14 17:02 - 2015-04-14 17:02 - 00012748 _____ () C:\Users\Mel\Desktop\hijackthis.log
2015-04-14 16:59 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 16:59 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 16:59 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 16:59 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 16:59 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 16:59 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 16:59 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 16:57 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 16:57 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 16:57 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 16:57 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 16:56 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 16:56 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 16:51 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 16:51 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:51 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 16:51 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 16:46 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 16:46 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 16:46 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 16:46 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 16:46 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 16:46 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 16:46 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 16:46 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:41 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 16:12 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 16:12 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 16:12 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 16:43 - 2015-04-17 14:30 - 00005928 _____ () C:\ads_err.adt
2015-04-13 16:43 - 2015-04-17 14:30 - 00003072 _____ () C:\ads_err.adi
2015-04-13 16:43 - 2015-04-13 16:43 - 00004136 _____ () C:\ads_err.adm
2015-04-13 16:37 - 2015-04-17 14:27 - 00001563 _____ () C:\Windows\KB893803v2.log
2015-04-13 16:37 - 2015-04-17 14:27 - 00000000 ____D () C:\Medisoft DEMO DEMO
2015-04-13 16:37 - 2015-04-13 16:37 - 00000000 ____D () C:\ProgramData\Medisoft
2015-04-13 16:36 - 2015-04-13 16:36 - 00000000 ____D () C:\Program Files (x86)\Medisoft
2015-04-11 22:08 - 2015-04-11 22:08 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_38CF
2015-04-11 14:32 - 2015-04-18 08:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-11 14:32 - 2015-04-18 08:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-11 14:32 - 2015-04-11 14:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-11 13:55 - 2015-04-11 14:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mel\Downloads\spybot-2.4.exe
2015-04-11 13:41 - 2015-04-11 13:41 - 00000000 ____D () C:\Users\Mel\Downloads\backups
2015-04-11 13:33 - 2015-04-11 13:33 - 00012778 _____ () C:\Users\Mel\Downloads\hijackthis.log
2015-04-11 13:31 - 2015-04-11 13:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mel\Desktop\HijackThis.exe
2015-04-11 13:17 - 2015-04-15 00:36 - 00000000 ____D () C:\Program Files (x86)\IndepthEdit
2015-04-11 13:14 - 2015-04-14 15:15 - 00000020 _____ () C:\Users\Mel\AppData\Roaming\appdataFr3.bin
2015-04-08 22:34 - 2015-04-09 23:05 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\.minecraft
2015-04-08 22:34 - 2015-04-08 22:34 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\java
2015-04-08 22:15 - 2015-04-08 22:33 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-04-08 22:15 - 2015-04-08 22:15 - 00000961 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-04-08 22:15 - 2015-04-08 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-04-08 22:11 - 2015-04-08 22:12 - 02314240 _____ () C:\Users\Mel\Downloads\MinecraftInstaller.msi
2015-04-08 12:05 - 2015-04-11 13:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 21:15 - 2015-04-05 21:15 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 21:15 - 2015-04-05 21:15 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 19:11 - 2015-04-05 19:15 - 00000000 ____D () C:\Users\Mel\Desktop\Camera phone 04-06
2015-03-31 08:42 - 2015-03-31 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-03-31 08:42 - 2015-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-03-29 23:33 - 2015-03-29 23:33 - 00001022 _____ () C:\Users\Public\Desktop\Soda PDF 3D Reader.lnk
2015-03-29 23:32 - 2015-03-29 23:37 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Soda PDF 3D Reader
2015-03-29 23:32 - 2015-03-29 23:32 - 00000000 ____D () C:\ProgramData\LULU Software
2015-03-29 23:31 - 2015-03-30 00:10 - 00000000 ____D () C:\Users\Mel\Documents\Soda PDF Files
2015-03-29 23:31 - 2015-03-29 23:32 - 00000000 ____D () C:\Program Files (x86)\Soda PDF 3D Reader
2015-03-29 23:31 - 2015-03-29 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soda PDF 3D Reader
2015-03-29 23:29 - 2015-03-29 23:29 - 00000000 ____D () C:\ProgramData\Soda PDF 3D Reader
2015-03-29 23:28 - 2015-03-29 23:59 - 00000000 ____D () C:\Users\Mel\Downloads\The Walking Dead Comics 1-134 + Specials
2015-03-29 23:28 - 2015-03-29 23:28 - 05971544 _____ (LULU Software Limited) C:\Users\Mel\Downloads\Soda_3D_7_Installer.exe
2015-03-28 16:38 - 2015-03-28 16:38 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2015-03-28 16:26 - 2015-03-28 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series User Registration
2015-03-28 16:23 - 2015-03-28 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX470 series Manual
2015-03-28 16:09 - 2015-04-09 15:29 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-28 16:09 - 2015-03-28 16:09 - 00000000 ___HD () C:\ProgramData\CanonIJETV
2015-03-28 16:07 - 2015-03-28 16:08 - 50908760 _____ () C:\Users\Mel\Downloads\win-mx470-1_0-ucd.exe
2015-03-20 22:54 - 2015-03-20 22:54 - 00000000 ____D () C:\Users\Mel\AppData\OICE_15_974FA576_32C1D314_3C58
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-18 14:49 - 2014-06-30 10:20 - 00000000 ____D () C:\Users\Mel\AppData\Local\Deployment
2015-04-18 14:49 - 2014-06-30 10:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB52D448-0961-4830-9779-72FC4E3589E8}
2015-04-18 14:40 - 2014-06-30 13:00 - 01574161 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 13:52 - 2014-08-17 14:29 - 00000000 ____D () C:\Users\Mel\AppData\Local\LogMeIn Hamachi
2015-04-18 13:49 - 2015-01-12 18:12 - 00000000 ____D () C:\Users\Mel\AppData\Local\Battle.net
2015-04-18 12:56 - 2009-07-14 00:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 12:56 - 2009-07-14 00:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 12:49 - 2014-07-15 08:48 - 00000000 ___RD () C:\Users\Mel\Dropbox
2015-04-18 12:49 - 2014-07-15 08:45 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Dropbox
2015-04-18 12:48 - 2015-01-14 18:49 - 00000000 ____D () C:\Program Files (x86)\Windstream Support Center
2015-04-18 12:48 - 2009-07-14 00:51 - 00146824 _____ () C:\Windows\setupact.log
2015-04-18 12:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 12:46 - 2014-06-30 10:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-18 08:58 - 2010-11-20 23:47 - 00171084 _____ () C:\Windows\PFRO.log
2015-04-18 08:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-04-18 08:27 - 2014-06-30 10:20 - 00118016 _____ () C:\Users\Mel\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 08:26 - 2009-07-14 00:45 - 05076568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 00:37 - 2014-08-31 22:54 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Mumble
2015-04-17 21:48 - 2015-01-08 18:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-17 21:48 - 2014-07-01 15:58 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Adobe
2015-04-17 21:47 - 2015-01-08 18:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-17 11:25 - 2012-10-24 16:26 - 06163608 _____ () C:\Users\Mel\Desktop\CIMO8e.exe
2015-04-17 11:05 - 2014-06-30 10:10 - 00000000 ____D () C:\Users\Mel\AppData\Local\VirtualStore
2015-04-17 08:36 - 2015-01-08 18:37 - 00000000 ____D () C:\Users\Mel\AppData\Local\Adobe
2015-04-17 01:10 - 2015-01-18 23:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-17 01:10 - 2015-01-18 23:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 01:10 - 2015-01-18 23:24 - 00000000 ____D () C:\Program Files (x86)\Office15
2015-04-16 13:04 - 2014-08-05 01:33 - 00111526 _____ () C:\Users\Mel\Desktop\New Text Document (2).txt
2015-04-16 12:49 - 2014-07-27 09:15 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\uTorrent
2015-04-15 03:04 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-15 01:15 - 2014-06-30 10:20 - 00000000 ____D () C:\Users\Mel\AppData\Local\Google
2015-04-15 01:15 - 2014-06-30 10:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-15 00:36 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2015-04-15 00:36 - 2009-07-14 01:08 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 23:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-14 23:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-14 19:15 - 2014-12-19 14:36 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-14 19:15 - 2014-06-30 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-14 19:00 - 2014-06-30 10:48 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 19:00 - 2009-07-14 01:13 - 00773912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-14 18:58 - 2014-06-30 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 18:52 - 2014-06-30 11:56 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 15:28 - 2014-07-01 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-14 15:28 - 2014-07-01 14:38 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-14 15:28 - 2014-06-30 10:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-12 13:40 - 2015-01-08 18:14 - 00000000 ____D () C:\Program Files\Canon
2015-04-12 13:40 - 2015-01-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-04-12 02:01 - 2014-12-29 01:17 - 00000000 ____D () C:\Users\Mel\AppData\Local\Plex Media Server
2015-04-11 20:22 - 2015-02-11 14:09 - 00000000 ____D () C:\Users\Mel\AppData\Local\AddLive_v3
2015-04-11 13:43 - 2014-07-01 19:35 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Skype
2015-04-09 22:12 - 2014-07-15 08:48 - 00001009 _____ () C:\Users\Mel\Desktop\Dropbox.lnk
2015-04-09 22:12 - 2014-07-15 08:46 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 21:13 - 2014-11-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 18:23 - 2015-01-12 18:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 16:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-06 22:32 - 2014-07-02 08:13 - 00000000 ____D () C:\Users\Mel\AppData\Roaming\vlc
2015-04-06 20:44 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Mel\Desktop\School
2015-04-06 20:14 - 2015-01-12 18:16 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-31 08:42 - 2014-08-17 14:28 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-03-30 15:25 - 2014-09-04 11:15 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-29 13:02 - 2014-06-30 10:10 - 00000000 ____D () C:\Users\Mel
2015-03-28 16:26 - 2015-01-08 18:19 - 00002025 _____ () C:\Users\Public\Desktop\Canon Quick Menu.lnk
2015-03-28 16:26 - 2015-01-08 18:19 - 00000000 ____D () C:\ProgramData\CanonIJWSpt
2015-03-28 16:26 - 2015-01-08 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-03-28 16:23 - 2015-01-08 18:14 - 00002358 _____ () C:\Users\Public\Desktop\Canon MX470 series On-screen Manual.lnk
2015-03-20 12:21 - 2014-10-16 03:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-20 12:21 - 2014-07-01 19:35 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-04-11 13:14 - 2015-04-14 15:15 - 0000020 _____ () C:\Users\Mel\AppData\Roaming\appdataFr3.bin
2014-08-26 20:49 - 2014-08-26 20:49 - 0000008 _____ () C:\Users\Mel\AppData\Roaming\Lucid_player_highscore.dat
2014-08-26 20:49 - 2014-08-26 20:49 - 0000212 _____ () C:\Users\Mel\AppData\Roaming\Lucid_player_profiles_data.dat
2014-07-03 10:34 - 2014-09-03 11:16 - 0010752 _____ () C:\Users\Mel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some content of TEMP:
====================
C:\Users\Mel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7a4qmw.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 16:09
 
==================== End Of Log ============================

 

Link to post
Share on other sites

Looks Good....just clean these up:

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

If there's no other problems...........

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

fixlist.txt

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.