Jump to content

Help with PUM.Bad.Proxy removal


Recommended Posts

Pasting FRST file, and attaching "Addition.txt". Will wait for next step.

Thanks!

-Dan

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Dan (administrator) on DAN-PC on 03-05-2015 19:08:33
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Alfasistem Memory\privoxy.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe
(CoralTree, Inc.) C:\Users\Dan\AppData\Local\Apps\2.0\VZ2OG60G.9MZ\3CYNHKQJ.6PK\qbox..tion_c7c5fb3875c039a3_0003.0009_08cb4749d3346cec\QBoxClient.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-12-20] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [321080 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\Run: [Qbox Client] => C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoralTree, Inc.\Qbox Client.appref-ms
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\...\RunOnce: [Adobe Speed Launcher] => 1430614157
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2011-03-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2014-12-20]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2010-12-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2011-03-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {664CCD9E-2CD4-409A-88FE-CE1DD5904637} => C:\Windows\System32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {664CCD9E-2CD4-409A-88FE-CE1DD5904637} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [s-1-5-21-619428708-3199385476-2217630087-1001] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-619428708-3199385476-2217630087-1001] => 127.0.0.1:8118
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-619428708-3199385476-2217630087-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-619428708-3199385476-2217630087-1001 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_04_other&cd=2XzuyEtN2Y1L1QzutDtDtBtAzz0Bzy0B0CyDtC0DtBtAyC0BtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyCzy0B0ByD0CyDtGtBzy0EtDtG0AyDtCyCtGzy0FyByBtGyCzzzz0A0E0ByB0A0CyB0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBzy0C0ByBtC0BtGyC0Czz0AtGyEtA0AtAtGzyyC0F0CtG0DtDyEyDyDyEzz0DtBtByDtC2Q&cr=1257957000&ir=
SearchScopes: HKU\S-1-5-21-619428708-3199385476-2217630087-1001 -> {19F98E3A-0D07-429B-AC81-0B0BA016A036} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-619428708-3199385476-2217630087-1001 -> {C7B0F4EF-6CE9-48B7-B504-FED52B7E8A6E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=541231&p={searchTerms}
SearchScopes: HKU\S-1-5-21-619428708-3199385476-2217630087-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_04_other&cd=2XzuyEtN2Y1L1QzutDtDtBtAzz0Bzy0B0CyDtC0DtBtAyC0BtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyCzy0B0ByD0CyDtGtBzy0EtDtG0AyDtCyCtGzy0FyByBtGyCzzzz0A0E0ByB0A0CyB0F0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBzy0C0ByBtC0BtGyC0Czz0AtGyEtA0AtAtGzyyC0F0CtG0DtDyEyDyDyEzz0DtBtByDtC2Q&cr=1257957000&ir=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-27] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)
BHO-x32: No Name -> {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} ->  No File
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
DPF: HKLM-x32 {B66A992D-C262-496E-8328-2F14FD80443A} https://qbo.intuit.com/c1/v41.194/qboimax7.cab
DPF: HKLM-x32 {D0659405-AD2E-4195-B67E-8B3AC42D763E} https://qbo.intuit.com/c1/v60.147/qboax11.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-03] (Intuit, Inc.)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2013-11-08] (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Vosteran
FF Homepage: hxxp://oaklandnorth.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-619428708-3199385476-2217630087-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Dan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-619428708-3199385476-2217630087-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-619428708-3199385476-2217630087-1001: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-619428708-3199385476-2217630087-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-619428708-3199385476-2217630087-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\user.js [2015-04-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-01-07] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\google-default.xml [2014-12-20]
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\google-images.xml [2014-12-20]
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\googlemaps.xml [2014-12-20]
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\googletranslate.xml [2014-12-20]
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\imdb.xml [2014-12-20]
FF SearchPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\searchplugins\youtube.xml [2014-12-20]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\Extensions\iobitascsurfingprotection@iobit.com [2015-04-27]
FF Extension: Adblock Plus - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\mem947n0.default-1419127741898\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-02-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-12-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-19]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\03a344e58627c869eb013b9f23e96b77 [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-17]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/calendar/render"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkdehgifkgjdcdlbfkjnmaeagepfbgp [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-07-10]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-24]
CHR Extension: (Adblock Plus) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-24]
CHR Extension: (Google Search) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-24]
CHR Extension: (Google Calendar) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-06-24]
CHR Extension: (Jack Spade) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmfhcemponaaoollhcoebkpajgdamieo [2014-02-02]
CHR Extension: (Bookmark Manager) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-24]
StartMenuInternet: Google Chrome - C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1227776 2012-04-12] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-04-27] (IObit)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55040 2014-10-31] (Mozy, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PrivoxyService; C:\Program Files (x86)\Alfasistem Memory\privoxy.exe [371200 2015-04-24] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339968 2014-12-20] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-09] (REALiX)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [129752 2015-05-03] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [69320 2014-10-31] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-03-09] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-12-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dvtrhtsq; \??\C:\Windows\system32\drivers\dvtrhtsq.sys [X]
S1 irsjezcw; \??\C:\Windows\system32\drivers\irsjezcw.sys [X]
S1 mbrxedxm; \??\C:\Windows\system32\drivers\mbrxedxm.sys [X]
S1 mewgvoiu; \??\C:\Windows\system32\drivers\mewgvoiu.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 19:08 - 2015-05-03 19:09 - 00034150 _____ () C:\Users\Dan\Downloads\FRST.txt
2015-05-03 19:08 - 2015-05-03 19:08 - 00000000 ____D () C:\FRST
2015-05-03 19:07 - 2015-05-03 19:07 - 02101248 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2015-05-03 18:35 - 2015-05-03 18:35 - 00003266 _____ () C:\Windows\System32\Tasks\Alfasistem Memory Viewer
2015-05-02 17:47 - 2015-05-02 17:47 - 00005070 _____ () C:\Windows\PFRO.log
2015-05-02 17:47 - 2015-05-02 17:47 - 00000056 _____ () C:\Windows\setupact.log
2015-05-02 17:47 - 2015-05-02 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 17:46 - 2015-05-02 17:46 - 107737088 _____ () C:\Windows\system32\config\software.iodefrag.bak
2015-05-02 17:46 - 2015-05-02 17:46 - 01306624 _____ () C:\Windows\system32\config\default.iodefrag.bak
2015-05-02 17:46 - 2015-05-02 17:46 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2015-05-02 17:46 - 2015-05-02 17:46 - 00024576 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2015-05-02 17:46 - 2015-05-02 17:46 - 00000000 ____H () C:\asc_rdflag
2015-04-30 14:14 - 2015-04-30 14:14 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Dan\Downloads\Support-LogMeInRescue (1).exe
2015-04-30 13:05 - 2015-04-30 13:06 - 01532224 _____ (LogMeIn, Inc.) C:\Users\Dan\Downloads\Support-LogMeInRescue.exe
2015-04-27 12:13 - 2015-04-27 12:13 - 00003176 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-04-27 12:12 - 2015-04-27 12:12 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-27 12:11 - 2015-05-02 11:40 - 00002181 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-04-27 12:11 - 2015-05-02 11:40 - 00002181 _____ () C:\ProgramData\Desktop\Advanced SystemCare 8.lnk
2015-04-27 12:11 - 2015-04-27 12:11 - 00002864 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Dan
2015-04-27 12:11 - 2015-04-27 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-04-27 12:09 - 2015-04-27 12:09 - 00001252 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-04-27 12:09 - 2015-04-27 12:09 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-04-27 12:09 - 2015-04-27 12:09 - 00001228 _____ () C:\ProgramData\Desktop\IObit Uninstaller.lnk
2015-04-27 12:08 - 2015-04-27 12:09 - 15895328 _____ (IObit) C:\Users\Dan\Downloads\iobituninstaller(1).exe
2015-04-27 11:59 - 2015-04-15 08:32 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-04-27 11:59 - 2015-04-15 08:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-24 17:18 - 2015-04-24 17:18 - 00002344 _____ () C:\Users\Dan\Desktop\Chrome App Launcher.lnk
2015-04-24 11:31 - 2015-04-24 12:14 - 00000000 ____D () C:\Users\Dan\AppData\Local\Updater
2015-04-24 11:31 - 2015-04-24 12:14 - 00000000 ____D () C:\Program Files (x86)\Alfasistem Memory
2015-04-24 11:31 - 2015-04-24 11:31 - 00003320 _____ () C:\Windows\System32\Tasks\Malware Cleaner
2015-04-24 11:31 - 2015-04-24 11:31 - 00003254 _____ () C:\Windows\System32\Tasks\Security Defrag
2015-04-24 11:31 - 2015-04-24 11:31 - 00000000 _____ () C:\Users\Dan\AppData\Roaming\6E9E.tmp
2015-04-23 17:36 - 2015-04-23 17:36 - 00005632 _____ () C:\Users\Dan\Downloads\report3 (1).xls
2015-04-23 17:33 - 2015-04-23 17:33 - 00009216 _____ () C:\Users\Dan\Downloads\report2 (3).xls
2015-04-23 17:28 - 2015-04-23 17:28 - 00019456 _____ () C:\Users\Dan\Downloads\report1 (8).xls
2015-04-23 17:18 - 2015-04-23 17:18 - 00017408 _____ () C:\Users\Dan\Downloads\report1 (7).xls
2015-04-23 16:21 - 2015-04-23 16:21 - 00008192 _____ () C:\Users\Dan\Downloads\report2 (2).xls
2015-04-23 16:19 - 2015-04-23 16:19 - 00008192 _____ () C:\Users\Dan\Downloads\report1 (6).xls
2015-04-23 16:11 - 2015-04-23 16:11 - 00010240 _____ () C:\Users\Dan\Downloads\report1 (5).xls
2015-04-23 16:05 - 2015-04-23 16:05 - 00009216 _____ () C:\Users\Dan\Downloads\report1 (4).xls
2015-04-19 00:16 - 2015-04-19 00:16 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-04-19 00:16 - 2015-04-19 00:16 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-04-18 14:06 - 2015-04-18 14:06 - 00109706 _____ () C:\Users\Dan\Downloads\batastatementView.do
2015-04-18 14:06 - 2015-04-18 14:06 - 00109706 _____ () C:\Users\Dan\Downloads\batastatementView(1).do
2015-04-16 16:22 - 2015-04-16 16:22 - 00007265 _____ () C:\Users\Dan\Downloads\print(6)
2015-04-16 14:42 - 2015-04-16 14:42 - 00007307 _____ () C:\Users\Dan\Downloads\print(5)
2015-04-16 14:40 - 2015-04-16 14:40 - 00013407 _____ () C:\Users\Dan\Downloads\print(4)
2015-04-15 08:44 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 08:44 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 08:44 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 08:44 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 08:44 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 08:44 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 08:44 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 08:44 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 08:44 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 08:44 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 08:44 - 2015-03-22 20:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:44 - 2015-03-22 20:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:44 - 2015-03-22 20:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:44 - 2015-03-22 20:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:44 - 2015-03-22 20:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:44 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 08:44 - 2015-03-22 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:44 - 2015-03-22 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 08:44 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 08:44 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 08:44 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 08:44 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 08:44 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 08:44 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 08:44 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 08:44 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 08:44 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 08:44 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 08:44 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 08:44 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 08:44 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 08:44 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 08:44 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 08:44 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 08:44 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 08:44 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 08:44 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 08:43 - 2015-04-01 17:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 08:43 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 08:43 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 08:43 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 08:43 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 08:43 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 08:43 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 08:43 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 08:43 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 08:43 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 08:43 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 08:43 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 08:43 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 08:43 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 08:43 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 08:43 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 08:43 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 08:43 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 08:43 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 08:43 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 08:43 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 08:43 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 08:43 - 2015-03-12 21:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 08:43 - 2015-03-12 21:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 08:43 - 2015-03-12 21:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 08:43 - 2015-03-12 20:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 08:43 - 2015-03-12 20:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 08:43 - 2015-03-12 20:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 08:43 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 08:43 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 08:43 - 2015-03-12 20:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 08:43 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 08:43 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 08:43 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 08:43 - 2015-03-12 20:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 08:43 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 08:43 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 08:43 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 08:43 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 08:43 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 08:43 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 08:43 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 08:43 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 08:43 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 08:43 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 08:43 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 08:43 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 08:43 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 08:43 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 08:43 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 08:43 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 08:43 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 08:43 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 08:43 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 08:43 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 08:43 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 08:43 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 08:43 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 08:43 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 08:42 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 08:42 - 2015-03-12 21:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 08:42 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 08:42 - 2015-03-12 21:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 08:42 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 08:42 - 2015-03-12 21:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 08:42 - 2015-03-12 21:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 08:42 - 2015-03-12 20:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 08:42 - 2015-03-12 20:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 08:42 - 2015-03-12 20:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 08:42 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 08:42 - 2015-03-12 20:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 08:42 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 08:42 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 08:42 - 2015-03-12 20:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 08:42 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 08:42 - 2015-03-12 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 08:42 - 2015-03-12 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 08:42 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 08:42 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 08:42 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 08:42 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 08:42 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 08:42 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 08:42 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 08:42 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 08:41 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 08:41 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 08:41 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 08:35 - 2015-04-15 08:35 - 00000000 _____ () C:\Windows\SysWOW64\REN869C.tmp
2015-04-14 23:25 - 2015-04-15 08:25 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-12 11:24 - 2015-04-12 11:24 - 03055352 _____ (Dominik Reichl ) C:\Users\Dan\Downloads\KeePass-2.29-Setup.exe
2015-04-09 12:37 - 2015-04-09 12:37 - 00007288 _____ () C:\Users\Dan\Downloads\print(3)
2015-04-09 11:34 - 2015-04-09 11:34 - 00007289 _____ () C:\Users\Dan\Downloads\print(2)
2015-04-09 11:33 - 2015-04-09 11:33 - 00002432 _____ () C:\Users\Dan\Downloads\printsample
2015-04-09 11:32 - 2015-04-09 11:32 - 00007289 _____ () C:\Users\Dan\Downloads\print(1)
2015-04-09 11:23 - 2015-04-09 11:23 - 00007219 _____ () C:\Users\Dan\Downloads\print
2015-04-06 22:57 - 2015-04-06 22:57 - 05344528 _____ (Piriform Ltd) C:\Users\Dan\Downloads\ccsetup504.exe
2015-04-04 18:13 - 2015-04-04 18:14 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 18:13 - 2015-04-04 18:13 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 15:51 - 2015-04-04 15:51 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Oracle
2015-04-04 15:43 - 2015-04-04 15:43 - 00561064 _____ (Oracle Corporation) C:\Users\Dan\Downloads\jxpiinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-03 18:57 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 18:56 - 2013-01-05 18:28 - 00000234 _____ () C:\Windows\system32\deviceAppeared.txt
2015-05-03 18:44 - 2014-04-02 08:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-03 18:37 - 2011-05-12 18:03 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{564D72BA-7610-46E0-B30B-C20593656F36}
2015-05-03 18:34 - 2014-12-20 20:48 - 02061394 _____ () C:\Windows\WindowsUpdate.log
2015-05-03 18:34 - 2013-01-09 08:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-03 18:34 - 2011-06-04 13:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 02:44 - 2014-10-31 12:11 - 00003810 _____ () C:\Windows\mozy.blk
2015-05-03 02:44 - 2014-10-31 12:11 - 00003548 _____ () C:\Windows\mozy.flt
2015-05-02 23:55 - 2011-06-04 13:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 23:45 - 2011-01-03 18:47 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619428708-3199385476-2217630087-1001Core.job
2015-05-02 17:58 - 2009-07-13 21:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:58 - 2009-07-13 21:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:49 - 2013-12-15 22:40 - 00000000 ____D () C:\Users\Dan\AppData\Local\Deployment
2015-05-02 17:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 12:22 - 2011-08-22 11:00 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\KeePass
2015-05-02 11:37 - 2010-12-06 17:29 - 00000000 ____D () C:\Users\Dan
2015-05-02 10:42 - 2012-05-24 08:48 - 00000000 ___SD () C:\Users\Dan\Stash
2015-04-27 12:13 - 2013-11-24 01:17 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-27 12:11 - 2011-02-10 09:35 - 00000000 ____D () C:\ProgramData\IObit
2015-04-27 12:11 - 2010-12-08 11:22 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\IObit
2015-04-27 12:11 - 2010-12-08 11:22 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-27 12:09 - 2014-12-20 22:48 - 00002896 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Dan
2015-04-27 12:01 - 2012-09-01 11:48 - 00000000 ____D () C:\Program Files\Java
2015-04-27 11:59 - 2010-12-07 23:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-27 11:09 - 2010-12-08 00:47 - 00000000 ____D () C:\Users\Dan\Documents\Receipts etc (delete monthly)
2015-04-24 17:18 - 2012-06-24 10:18 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-24 16:22 - 2015-02-10 22:10 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-619428708-3199385476-2217630087-1001
2015-04-24 16:22 - 2015-02-10 22:10 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-619428708-3199385476-2217630087-1001
2015-04-24 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SchCache
2015-04-24 11:35 - 2010-12-07 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 11:32 - 2011-05-12 12:58 - 00001355 _____ () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-24 11:07 - 2012-07-12 23:21 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\MediaMonkey
2015-04-22 20:08 - 2010-12-08 00:48 - 00000000 ____D () C:\Users\Dan\Documents\Misc
2015-04-19 09:32 - 2014-12-20 22:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
2015-04-19 09:32 - 2011-03-12 13:52 - 00000000 ____D () C:\Program Files\MozyHome
2015-04-19 09:32 - 2010-12-08 20:22 - 00000000 ____D () C:\ProgramData\Temp
2015-04-19 00:45 - 2014-12-20 22:49 - 00002146 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-04-19 00:45 - 2014-12-20 22:49 - 00002146 _____ () C:\ProgramData\Desktop\Driver Booster 2.lnk
2015-04-19 00:16 - 2013-10-27 22:24 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-04-19 00:04 - 2014-12-20 22:50 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Dan)
2015-04-16 17:21 - 2015-01-08 09:27 - 00015326 _____ () C:\Users\Dan\Documents\Scratch Pad.xlsx
2015-04-15 14:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 10:32 - 2014-12-10 21:12 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:32 - 2014-05-08 10:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 10:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 09:39 - 2011-01-26 00:48 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 09:37 - 2013-07-29 23:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 09:27 - 2010-12-06 17:51 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 08:33 - 2014-11-13 22:51 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-15 08:33 - 2014-11-13 22:51 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-15 08:33 - 2014-11-13 22:51 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-15 08:33 - 2014-11-13 22:51 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-15 08:32 - 2014-08-07 09:18 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-04-15 08:32 - 2014-08-07 09:18 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-04-15 08:25 - 2013-01-09 08:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 08:25 - 2012-04-30 23:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:25 - 2011-05-25 21:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 00:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-12 11:25 - 2014-12-20 21:52 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-04-12 11:25 - 2014-12-20 21:52 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-04-10 11:30 - 2011-06-10 01:31 - 00000392 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job
2015-04-09 21:36 - 2014-12-21 14:24 - 00000000 ____D () C:\Users\Dan\AppData\Local\CrashDumps
2015-04-08 23:16 - 2011-02-27 15:02 - 00000000 ____D () C:\Users\Dan\Documents\Personal Finance
2015-04-06 22:59 - 2011-05-12 12:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-06 22:59 - 2011-05-12 12:22 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-04-06 22:59 - 2011-05-12 12:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-04 15:47 - 2013-10-21 07:12 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-04 11:23 - 2010-12-07 21:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== Files in the root of some directories =======

2015-04-24 11:31 - 2015-04-24 11:31 - 0000000 _____ () C:\Users\Dan\AppData\Roaming\6E9E.tmp
2011-01-14 13:17 - 2011-02-11 12:01 - 0001854 _____ () C:\Users\Dan\AppData\Roaming\GhostObjGAFix.xml
2014-03-21 20:14 - 2014-03-21 20:14 - 0000000 _____ () C:\Users\Dan\AppData\Roaming\SharedSettings.ccs
2015-01-19 16:55 - 2015-01-19 20:56 - 0000064 _____ () C:\Users\Dan\AppData\Roaming\WB.CFG
2010-12-08 20:40 - 2010-12-08 20:40 - 0000000 _____ () C:\Users\Dan\AppData\Local\AtStart.txt
2010-12-27 23:15 - 2011-04-14 07:29 - 0008192 _____ () C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-08 20:40 - 2010-12-08 20:40 - 0000000 _____ () C:\Users\Dan\AppData\Local\DSwitch.txt
2014-03-21 20:16 - 2014-03-21 20:16 - 0012326 _____ () C:\Users\Dan\AppData\Local\iobnllgd
2010-12-08 20:40 - 2010-12-08 20:40 - 0000000 _____ () C:\Users\Dan\AppData\Local\QSwitch.txt
2011-03-31 01:29 - 2013-10-24 23:01 - 0007600 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2011-05-11 07:55 - 2011-05-11 11:24 - 0010558 ___SH () C:\Users\Dan\AppData\Local\w16881c6hpf6
2014-03-21 20:15 - 2014-03-21 20:15 - 0068465 _____ () C:\Users\Dan\AppData\Local\xjtumvbv
2010-12-08 23:17 - 2010-12-08 23:17 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-05-11 07:55 - 2011-05-11 11:24 - 0010558 ___SH () C:\ProgramData\w16881c6hpf6

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-26 14:04

==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help your with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 



Can you upload FRST.txt report too?
 

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 

Download attached fixlist.txt file and save it to the Desktop:

 

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

 


51a612a8b27e2-Zoek.png Scan with ZOEK

 

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.