Jump to content

Girlfriend's (and my) pc - possible infection


Jetter

Recommended Posts

So I am using this pc that I built  and not noticing any problems at the moment.

 

The reason that I am posting is that, last night, while I was away, my girlfriend reported that she was on Facebook and clicked on something and then the internet kept going out and then pc was rebooting by itself a few times until she shut it down altogether.

 

PC behaving ok now but I don't trust what may have happened after the reboot.

 

Just want to check it.

 

Have Malwarebytes premium version, ran a scan and then Farbar.

 

Here are the logs.  If anyone can check them we would be very grateful.

 

Thank you very much.

 

Jetter

 

*********************************************************************************************************

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/28/2016
Scan Time: 5:30 PM
Logfile: MBAM_Scan_Jan_28_2016.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.28.06
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342983
Time Elapsed: 3 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

_________________________________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Marie (administrator) on MARIE-PC (28-01-2016 17:36:34)
Running from C:\Users\Marie\Downloads
Loaded Profiles: Marie (Available Profiles: Marie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\ASGT.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Spotify Ltd) C:\Users\Marie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Marie\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2015-06-23] (Realtek Semiconductor)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [startCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [Amazon Music] => C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-11-18] ()
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [spotify Web Helper] => C:\Users\Marie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-11-01] (Spotify Ltd)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [bingSvc] => C:\Users\Marie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-27] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-11-27]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-01-28]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A55B7308-EEE5-4804-A028-052CAC0D1668}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U351&ocid=U351DHP&osmkt=en-us
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3777090084-4234919361-3576393612-1000: SkypePlugin -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3777090084-4234919361-3576393612-1000: SkypePlugin64 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF Extension: Smplayer context menu - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\smplayerplaylist@luperrouch.fr.xpi [2015-06-17]
FF Extension: Link-It - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\link-it@martinandtony.com.xpi [2015-06-17]
FF Extension: MEGA EXTENSION - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\firefox@mega.co.nz.xpi [2015-06-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-06-17]
FF Extension: Wired-Marker - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2015-06-17]
FF Extension: FxIF - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2015-07-30]
FF Extension: TinEye Reverse Image Search - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\tineye@ideeinc.com.xpi [2015-08-27]
FF Extension: FireShot - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-01-08]
FF Extension: Ghostery - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\firefox@ghostery.com.xpi [2015-12-31]
FF Extension: TrashMail.com - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\spam@trashmail.net.xpi [2015-06-17]
FF Extension: Adblock Plus - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2015-07-29] [not signed]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]
CHR Extension: (Google Docs) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Google Drive) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]
CHR Extension: (MSN Homepage) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 17:36 - 2016-01-28 17:36 - 00018057 _____ C:\Users\Marie\Downloads\FRST.txt
2016-01-28 17:35 - 2016-01-28 17:35 - 00001070 _____ C:\Users\Marie\Desktop\MBAM_Scan_Jan_28_2016.txt
2016-01-28 16:52 - 2016-01-28 17:36 - 00000000 ____D C:\FRST
2016-01-28 16:52 - 2016-01-28 16:52 - 02370560 _____ (Farbar) C:\Users\Marie\Downloads\FRST64.exe
2016-01-28 14:45 - 2016-01-28 14:45 - 00000000 ___RD C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-27 22:32 - 2016-01-28 16:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-27 22:32 - 2016-01-27 22:33 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-27 22:32 - 2016-01-27 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-27 22:32 - 2016-01-27 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-27 22:32 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-27 22:32 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-27 22:32 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-25 19:21 - 2016-01-25 19:21 - 00000060 _____ C:\Users\Marie\Documents\Marie Google account.txt
2016-01-20 22:00 - 2016-01-20 21:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-01-20 21:59 - 2016-01-20 21:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-14 15:53 - 2016-01-14 15:53 - 00194221 _____ C:\Users\Marie\Desktop\Consumers.pdf
2016-01-13 04:02 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 04:02 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 04:02 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 04:02 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 04:02 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 04:02 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 04:02 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 04:02 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 04:02 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 04:02 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 04:02 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 04:02 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 04:02 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 04:02 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 04:02 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 04:02 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 04:02 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 04:02 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 04:02 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 04:02 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 04:02 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 04:02 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 04:02 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 04:02 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 04:02 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 04:02 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 04:02 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 04:02 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 04:02 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 04:02 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 04:02 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 04:02 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 04:02 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 04:02 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 04:02 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 04:02 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 04:02 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 04:02 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 04:02 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 04:02 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 04:02 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 04:02 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 04:02 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 04:02 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 04:02 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 04:02 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 04:02 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 04:02 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 04:02 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 04:02 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 04:02 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 04:02 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 04:02 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 04:02 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 04:02 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 04:02 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 04:02 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 04:02 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 04:02 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 04:02 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 04:02 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 04:02 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 04:02 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 04:02 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 04:01 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 04:01 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 04:01 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 04:01 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 04:01 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 04:01 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 04:01 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 04:01 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 04:01 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 04:01 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 04:01 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 04:01 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 04:01 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 04:01 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 04:01 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 04:01 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 04:01 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 04:01 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 04:01 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 04:01 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 04:01 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 04:01 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 04:01 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 04:01 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 04:01 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 04:01 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 04:01 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-07 04:26 - 2016-01-08 05:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 12:37 - 2016-01-06 12:37 - 00000326 _____ C:\Users\Marie\Desktop\HP Printer Diagnostic Tools.url
2016-01-04 06:06 - 2016-01-04 06:06 - 00000095 _____ C:\Users\Marie\Documents\Marie_Steam_Account.txt
2016-01-04 02:35 - 2016-01-04 02:35 - 00000222 _____ C:\Users\Marie\Desktop\Tomb Raider.url
2016-01-04 02:35 - 2016-01-04 02:35 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-04 02:28 - 2016-01-04 02:28 - 00000000 ____D C:\Users\Marie\AppData\Local\Steam
2016-01-04 02:27 - 2016-01-28 14:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-04 02:27 - 2016-01-04 02:27 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-04 02:27 - 2016-01-04 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-04 02:25 - 2016-01-04 02:25 - 00002211 _____ C:\Users\Marie\Downloads\Tomb_Raider_Download.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 17:27 - 2015-12-14 03:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-28 16:48 - 2015-10-15 00:55 - 00000000 ____D C:\Users\Marie\AppData\Local\CrashDumps
2016-01-28 16:47 - 2015-08-27 22:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 16:34 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-28 16:34 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-28 15:03 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-28 15:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-28 14:46 - 2015-12-18 07:05 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Raptr
2016-01-28 14:45 - 2015-08-27 22:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 14:45 - 2015-08-07 19:12 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Skype
2016-01-28 14:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 15:51 - 2015-09-29 13:35 - 00000000 ____D C:\Users\Marie\Documents\4329
2016-01-27 02:10 - 2015-08-21 18:18 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarie
2016-01-27 02:10 - 2015-08-21 18:18 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMarie.job
2016-01-25 00:35 - 2015-06-21 17:09 - 00000000 ____D C:\Users\Marie\AppData\Local\PokerStars.NET
2016-01-20 22:00 - 2015-11-04 15:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 22:00 - 2015-07-15 12:23 - 00000000 ____D C:\Program Files\Java
2016-01-20 22:00 - 2015-06-17 14:47 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 22:00 - 2015-06-17 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 21:59 - 2015-08-27 06:12 - 00000000 ____D C:\Users\Marie\.oracle_jre_usage
2016-01-20 21:59 - 2015-07-15 12:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-19 14:27 - 2015-12-14 03:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 14:27 - 2015-06-16 22:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 14:27 - 2015-06-16 22:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-18 21:20 - 2015-06-17 12:43 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-01-18 21:20 - 2015-06-17 12:43 - 00001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-01-18 21:20 - 2015-06-17 12:43 - 00000000 ____D C:\Program Files\paint.net
2016-01-18 21:17 - 2015-06-16 21:20 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-15 20:00 - 2015-08-07 19:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 02:42 - 2015-06-25 22:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 02:42 - 2015-06-25 22:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 20:48 - 2015-08-27 22:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-13 14:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 12:55 - 2015-12-23 10:22 - 00000000 ____D C:\Users\Marie\AppData\Roaming\HpUpdate
2016-01-13 12:50 - 2009-07-13 23:45 - 00299000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 12:18 - 2015-06-16 23:47 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 12:18 - 2015-06-16 23:47 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 12:17 - 2015-06-16 21:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 14:14 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-08 05:46 - 2015-06-17 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 16:30 - 2015-10-14 15:23 - 00000000 ____D C:\ProgramData\Atheros
2016-01-05 16:30 - 2015-06-17 02:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-05 16:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-05 13:31 - 2015-06-16 20:51 - 00000000 ____D C:\Users\Marie
2016-01-04 02:23 - 2015-06-17 23:13 - 00000000 ____D C:\Users\Marie\AppData\Local\Amazon Music

==================== Files in the root of some directories =======

2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Marie\AppData\Local\setup.txt
2015-06-17 13:14 - 2015-06-17 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Marie\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Marie\AppData\Local\Temp\BingSvc.exe
C:\Users\Marie\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Marie\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Marie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Marie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Marie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Marie\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Marie\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Marie\AppData\Local\Temp\radeon-crimson-15.12-minimalsetup.exe
C:\Users\Marie\AppData\Local\Temp\raptrpatch.exe
C:\Users\Marie\AppData\Local\Temp\raptr_stub.exe
C:\Users\Marie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 00:27

==================== End of FRST.txt ============================

 

_________________________________________________________________________

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Marie (2016-01-28 17:36:46)
Running from C:\Users\Marie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-06-17 01:51:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3777090084-4234919361-3576393612-500 - Administrator - Disabled)
Guest (S-1-5-21-3777090084-4234919361-3576393612-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3777090084-4234919361-3576393612-1002 - Limited - Enabled)
Marie (S-1-5-21-3777090084-4234919361-3576393612-1000 - Administrator - Enabled) => C:\Users\Marie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Magnum Slots Collection (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Magnum Slots Collection) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {244D58D2-1040-4C8E-BA79-9ED11AC6189B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2D4352F6-1BC0-4D79-8F6B-636877D3204F} - System32\Tasks\{473E2699-D2B1-4651-A2F4-2C1EE02DA5C7} => C:\Program Files (x86)\Magnum Slots Collection\Magnum Slots Collection.exe [2014-04-06] (                                                                                                    )
Task: {3580D7CA-6793-4C5F-9CAC-F00AC9BA7A89} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {440477AC-7CD3-4633-B70A-B79145AF7060} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {565D3B24-3DB1-46D7-A515-45816BD62CD2} - System32\Tasks\Amazon Music Helper => C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-11-18] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {61D84989-E4FB-4386-A628-55C998194D8F} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {994AA8DB-2A96-4E66-9FB5-6F52B52E3892} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {9C94278A-EDAC-4CCA-87C6-05FD34114D28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {C4D3C871-FEB5-471A-B052-6AD6C9298616} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D497437D-4E97-41A4-9E50-374B9835A45B} - System32\Tasks\HPCeeScheduleForMarie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DB84A63E-3D96-497D-9C56-935633A86559} - System32\Tasks\{8C266A01-1EC1-40E4-93E3-1A35290BF4B7} => C:\Program Files (x86)\Magnum Slots Collection\Magnum Slots Collection.exe [2014-04-06] (                                                                                                    )
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DDDDD455-0D07-4D20-9D86-50F61FE49F9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
Task: {ECF2051F-2110-4392-A4B8-302E9C616B85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {EDC5F876-BB8A-4F04-8502-BB3905D24C96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {FBEE2FE1-6B69-4C71-8EF0-39D69ABF6BED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {FFB54863-79D2-4E18-8C55-9A5600588E18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-17 23:13 - 2015-11-18 16:36 - 05890368 _____ () C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-01-04 02:28 - 2015-11-10 14:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-04 02:28 - 2015-12-14 15:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-04 02:28 - 2015-12-14 15:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-01-04 02:28 - 2015-11-03 17:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2015-06-26 18:09 - 2015-06-26 18:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2016-01-04 02:28 - 2015-11-16 19:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1F6E129-98FA-4AF2-BC12-F6A410604B8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08C7B7CE-7ECA-4138-B7A7-043872216F0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EC5934B-C644-466C-97EB-616656887B42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E359EC01-F891-4F10-A18C-F9B05051CA09}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{85B7754D-F260-4306-BCAC-2F68C7645297}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3F3CB9C7-76C3-4204-A70C-DD53EB220BD4}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS6F0D\HPDiagnosticCoreUI.exe
FirewallRules: [{40738ECE-3BE9-4D70-83DD-5E279DF9C395}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS6F0D\HPDiagnosticCoreUI.exe
FirewallRules: [{6E4FDD1E-EA5B-45C8-BBD3-04C826321CA5}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS0C56\HPDiagnosticCoreUI.exe
FirewallRules: [{6E236DE7-D2FE-44B1-908B-5BF9F4F18B35}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS0C56\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{1AC9EFC5-64C2-48AD-BEA4-EB5BEAB9871B}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{08AA0E88-9B4B-43FB-AA71-C6F9E21A1685}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{089C1675-FDF7-42F0-AD69-18EE05B03AE3}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{AD25883A-5B77-4AED-938E-4642C67D6F96}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F95E4B42-EEB7-44F1-9058-D39836313AC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BD4113E-DA10-4D84-9696-4DA3EE73DC5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C261AE81-07F3-448D-80BE-DE07ADFE7D1E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B9278AEF-887D-49FC-8EF0-891919262F24}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D96DE413-06D0-4B11-953E-160A76A06397}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{24D5C485-4AB3-4062-B321-62D454CF97D6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{67E5F0F3-44F5-4EBE-9781-E61D2DC0D968}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{D56D34D6-9707-442F-B843-F5CB943A416F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D6AA039-CA21-400A-BA1F-C8623B06F7A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{53F02E39-45AD-4741-A301-5542AE42AA3A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{11DD7CBB-D854-4FC8-9E46-9C99064709A5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{45F05240-E147-4D31-9A78-6E55D7839311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{87436E86-38D2-42F3-B915-17C624990C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E6E027C3-AED0-4E59-B15B-C38EBB4193C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-01-2016 09:30:23 Windows Update
13-01-2016 12:16:43 Windows Update
13-01-2016 15:00:01 Windows Update
16-01-2016 22:27:56 Windows Update
18-01-2016 21:19:40 paint.net 4.0.9
20-01-2016 21:59:41 Windows Update
24-01-2016 02:28:22 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 04:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x5684255b
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0x16d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/28/2016 02:47:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2016 09:44:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 09:05:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 06:55:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 06:44:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 06:36:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 06:17:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2016 10:01:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2016 08:30:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/27/2016 09:04:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:10:27 PM on ‎1/‎27/‎2016 was unexpected.

Error: (01/27/2016 06:53:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:51:23 PM on ‎1/‎27/‎2016 was unexpected.

Error: (01/27/2016 06:42:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:39:01 PM on ‎1/‎27/‎2016 was unexpected.

Error: (01/27/2016 06:35:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:33:21 PM on ‎1/‎27/‎2016 was unexpected.

Error: (01/27/2016 06:25:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.213.4472.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.8.0204.00

    Source Path: 4.8.0204.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (01/25/2016 07:54:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/25/2016 07:54:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/22/2016 04:05:16 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/13/2016 12:19:26 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (01/04/2016 02:28:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16351.14 MB
Available physical RAM: 12725.79 MB
Total Virtual: 32700.49 MB
Available Virtual: 28844.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:353.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0EF87012)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

Just want to make sure that something unwanted has not made it's way onto my system.

 

Thank you again.

 

Jetter

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....
 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

There is no obvious Malware or infection in those logs, lets have aanother look...

 

Download tfc_icon.png TFC to your desktop, from either of the following links

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

 

  •  

     

  • Save any open work. TFC will close all open application windows.

     

     

  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.

     

     

  • If prompted, click "Yes" to reboot.

     

     

 

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

 

Next,

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.
 

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

 

 

Post those logs....

 

Thank you,

 

Kevin

Link to post
Share on other sites

Thank you so much Kevin.

 

Here are the logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/3/2016
Scan Time: 1:29 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.03.05
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339599
Time Elapsed: 6 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

**********************************************************************************************************************

**********************************************************************************************************************

 

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 08:24:46
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marie - MARIE-PC
# Running from : C:\Users\Marie\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService
[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\CouponXplorer_5z
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\Marie\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi
[-] Folder Deleted : C:\Users\Marie\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Marie\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Marie\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Files ] *****

[-] File Deleted : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\shopcbtoolbar2@befrugal.com.xpi
[-] File Deleted : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\user.js
[-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bFHP]
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key Deleted : HKCU\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\CouponXplorer_5z
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\CouponXplorer_5z
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\BEFRUGAL
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\CouponXplorer_5z
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.net
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\couponxplorer.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\home.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\totalrecipesearch.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com

***** [ Web browsers ] *****

[-] [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : geooogfhpjdpeiphckpbgkhpbeobcaoi

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5517 bytes] ##########
# AdwCleaner v5.032 - Logfile created 03/02/2016 at 14:09:03
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Marie - MARIE-PC
# Running from : C:\Users\Marie\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3777090084-4234919361-3576393612-1000\Software\BEFRUGAL
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com

***** [ Web browsers ] *****

[-] [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7358 bytes] ##########
 

*****************************************************************************************************************************************

*****************************************************************************************************************************************

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Marie (Administrator) on Wed 02/03/2016 at 14:10:50.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Failed to delete: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHPVK33M (Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRUQOCE5 (Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6CGOLVE (Folder)
Successfully deleted: C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPX279BR (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/03/2016 at 14:12:20.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

*******************************************************************************************************************

*******************************************************************************************************************

 

RogueKiller V11.0.10.0 [Feb  1 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marie [Administrator]
Started from : C:\Users\Marie\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/03/2016 14:20:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 500GB ATA Device +++++
--- User ---
[MBR] 9b4e9f72f7985b0f29abaa7cbc60ea2c
[bSP] 9f63ec0139a0a2dd419ebf40a2e59f07 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- USB3.0 CRW-CF/MD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- USB3.0 CRW-SM/xD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- USB3.0 CRW-SD USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- USB3.0 CRW-MS USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- USB3.0 CRW-SD/MS USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 

Link to post
Share on other sites

Thanks for theose logs, run the following:

 

dr_web_cureit_zpse80d87bf.jpg
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


    drwebselect.JPG

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


    drwebfolders.JPG

  • Press start scan
  • The scan will now commence


    drwebscan.JPG

  • Once the scan has finished click open report <<<--- Do not miss this step


    drwebscancomplete.JPG

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive,  Please attach it to your next reply…
 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....
 

Post those logs, let me know if there are any remaining issues or concerns..

 

Thank you,

 

Kevin..

Link to post
Share on other sites

Thank you again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Marie (administrator) on MARIE-PC (03-02-2016 17:54:49)
Running from C:\Users\Marie\Downloads
Loaded Profiles: Marie (Available Profiles: Marie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\ASGT.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Spotify Ltd) C:\Users\Marie\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Marie\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2015-06-23] (Realtek Semiconductor)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [startCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [Amazon Music] => C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-11-18] ()
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [spotify Web Helper] => C:\Users\Marie\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-11-01] (Spotify Ltd)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [bingSvc] => C:\Users\Marie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-27] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-02] (Valve Corporation)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-11-27]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-02-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A55B7308-EEE5-4804-A028-052CAC0D1668}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U351&ocid=U351DHP&osmkt=en-us
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3777090084-4234919361-3576393612-1000: SkypePlugin -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3777090084-4234919361-3576393612-1000: SkypePlugin64 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)
FF Extension: Smplayer context menu - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\smplayerplaylist@luperrouch.fr.xpi [2015-06-17]
FF Extension: Link-It - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\link-it@martinandtony.com.xpi [2015-06-17]
FF Extension: MEGA EXTENSION - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\firefox@mega.co.nz.xpi [2015-06-17]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-06-17]
FF Extension: Wired-Marker - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a} [2015-06-17]
FF Extension: FxIF - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi [2015-07-30]
FF Extension: TinEye Reverse Image Search - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\tineye@ideeinc.com.xpi [2015-08-27]
FF Extension: FireShot - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-01-08]
FF Extension: Ghostery - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\firefox@ghostery.com.xpi [2015-12-31]
FF Extension: TrashMail.com - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\spam@trashmail.net.xpi [2015-06-17]
FF Extension: Adblock Plus - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3fgcedwl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2015-07-29] [not signed]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]
CHR Extension: (Google Docs) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Google Drive) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]
CHR Extension: (MSN Homepage) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-03] ()
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 17:51 - 2016-02-03 17:51 - 00000000 ___RD C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-02-03 16:51 - 2016-02-03 16:55 - 00000000 ____D C:\Users\Marie\Doctor Web
2016-02-03 16:50 - 2016-02-03 17:51 - 00213684 _____ C:\Windows\ntbtlog.txt
2016-02-03 16:45 - 2016-02-03 16:46 - 182589456 _____ C:\Users\Marie\Desktop\h2x5aeox.exe
2016-02-03 14:23 - 2016-02-03 14:23 - 00004800 _____ C:\Users\Marie\Desktop\rk_72FD.tmp.txt
2016-02-03 14:13 - 2016-02-03 14:23 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-03 14:13 - 2016-02-03 14:13 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-03 14:12 - 2016-02-03 14:12 - 00001122 _____ C:\Users\Marie\Desktop\JRT.txt
2016-02-03 14:10 - 2016-02-03 14:10 - 00007437 _____ C:\Users\Marie\Desktop\AdwCleaner[C1].txt
2016-02-03 14:05 - 2016-02-03 14:05 - 20943432 _____ C:\Users\Marie\Desktop\RogueKiller.exe
2016-02-03 14:04 - 2016-02-03 14:04 - 01609032 _____ (Malwarebytes) C:\Users\Marie\Desktop\JRT.exe
2016-02-03 14:03 - 2016-02-03 14:03 - 01508352 _____ C:\Users\Marie\Desktop\AdwCleaner.exe
2016-02-03 13:15 - 2016-02-03 13:15 - 00448512 _____ (OldTimer Tools) C:\Users\Marie\Desktop\TFC.exe
2016-02-01 20:58 - 2016-02-02 04:24 - 00000155 _____ C:\Users\Marie\Documents\Turbotax account.txt
2016-01-28 17:36 - 2016-02-03 17:55 - 00017636 _____ C:\Users\Marie\Downloads\FRST.txt
2016-01-28 17:36 - 2016-01-28 17:37 - 00034321 _____ C:\Users\Marie\Downloads\Addition.txt
2016-01-28 17:35 - 2016-01-28 17:35 - 00001070 _____ C:\Users\Marie\Desktop\MBAM_Scan_Jan_28_2016.txt
2016-01-28 16:52 - 2016-02-03 17:54 - 00000000 ____D C:\FRST
2016-01-28 16:52 - 2016-01-28 16:52 - 02370560 _____ (Farbar) C:\Users\Marie\Downloads\FRST64.exe
2016-01-27 22:32 - 2016-02-03 17:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-27 22:32 - 2016-01-27 22:33 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-27 22:32 - 2016-01-27 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-27 22:32 - 2016-01-27 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-27 22:32 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-27 22:32 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-27 22:32 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-25 19:21 - 2016-01-25 19:21 - 00000060 _____ C:\Users\Marie\Documents\Marie Google account.txt
2016-01-20 22:00 - 2016-01-20 21:59 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-01-20 21:59 - 2016-01-20 21:59 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-14 15:53 - 2016-01-14 15:53 - 00194221 _____ C:\Users\Marie\Desktop\Consumers.pdf
2016-01-13 04:02 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 04:02 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 04:02 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 04:02 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 04:02 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 04:02 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 04:02 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 04:02 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 04:02 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 04:02 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 04:02 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 04:02 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 04:02 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 04:02 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 04:02 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 04:02 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 04:02 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 04:02 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 04:02 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 04:02 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 04:02 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 04:02 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 04:02 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 04:02 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 04:02 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 04:02 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 04:02 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 04:02 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 04:02 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 04:02 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 04:02 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 04:02 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 04:02 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 04:02 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 04:02 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 04:02 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 04:02 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 04:02 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 04:02 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 04:02 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 04:02 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 04:02 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 04:02 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 04:02 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 04:02 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 04:02 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 04:02 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 04:02 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 04:02 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 04:02 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 04:02 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-13 04:02 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 04:02 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 04:02 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 04:02 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 04:02 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 04:02 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 04:02 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 04:02 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 04:02 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 04:02 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 04:02 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 04:02 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 04:02 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 04:02 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 04:02 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 04:02 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 04:02 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 04:02 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 04:02 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 04:02 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 04:02 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 04:02 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 04:02 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 04:02 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 04:02 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 04:01 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 04:01 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 04:01 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 04:01 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 04:01 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 04:01 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 04:01 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 04:01 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 04:01 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 04:01 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 04:01 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 04:01 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 04:01 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 04:01 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 04:01 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 04:01 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 04:01 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 04:01 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 04:01 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 04:01 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 04:01 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 04:01 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 04:01 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 04:01 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 04:01 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 04:01 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 04:01 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 04:01 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 04:01 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 04:01 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 04:01 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 04:01 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 04:01 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 04:01 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 04:01 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 04:01 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-07 04:26 - 2016-01-08 05:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 12:37 - 2016-01-06 12:37 - 00000326 _____ C:\Users\Marie\Desktop\HP Printer Diagnostic Tools.url
2016-01-04 06:06 - 2016-01-04 06:06 - 00000095 _____ C:\Users\Marie\Documents\Marie_Steam_Account.txt
2016-01-04 02:35 - 2016-01-04 02:35 - 00000222 _____ C:\Users\Marie\Desktop\Tomb Raider.url
2016-01-04 02:35 - 2016-01-04 02:35 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-04 02:28 - 2016-01-04 02:28 - 00000000 ____D C:\Users\Marie\AppData\Local\Steam
2016-01-04 02:27 - 2016-02-03 17:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-04 02:27 - 2016-01-04 02:27 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-04 02:27 - 2016-01-04 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-04 02:25 - 2016-01-04 02:25 - 00002211 _____ C:\Users\Marie\Downloads\Tomb_Raider_Download.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 17:53 - 2015-08-27 22:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-03 17:53 - 2015-08-27 22:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-03 17:52 - 2015-12-18 07:05 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Raptr
2016-02-03 17:51 - 2015-06-16 20:51 - 00000000 ____D C:\Users\Marie
2016-02-03 17:51 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-03 16:55 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-03 16:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-03 16:49 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-03 16:49 - 2009-07-13 23:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-03 16:27 - 2015-12-14 03:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-03 14:07 - 2015-11-27 08:23 - 00000000 ____D C:\AdwCleaner
2016-02-03 14:00 - 2015-09-29 13:35 - 00000000 ____D C:\Users\Marie\Documents\4329
2016-02-03 05:37 - 2015-08-07 19:12 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Skype
2016-02-02 23:18 - 2015-10-15 00:55 - 00000000 ____D C:\Users\Marie\AppData\Local\CrashDumps
2016-02-02 19:39 - 2015-08-21 18:18 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMarie
2016-02-02 19:39 - 2015-08-21 18:18 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForMarie.job
2016-02-02 17:48 - 2015-08-27 22:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:48 - 2015-08-27 22:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-28 19:48 - 2015-08-27 22:30 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 19:48 - 2015-08-27 22:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-25 00:35 - 2015-06-21 17:09 - 00000000 ____D C:\Users\Marie\AppData\Local\PokerStars.NET
2016-01-20 22:00 - 2015-11-04 15:07 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 22:00 - 2015-07-15 12:23 - 00000000 ____D C:\Program Files\Java
2016-01-20 22:00 - 2015-06-17 14:47 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 22:00 - 2015-06-17 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 21:59 - 2015-08-27 06:12 - 00000000 ____D C:\Users\Marie\.oracle_jre_usage
2016-01-20 21:59 - 2015-07-15 12:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-19 14:27 - 2015-12-14 03:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 14:27 - 2015-06-16 22:01 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 14:27 - 2015-06-16 22:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-18 21:20 - 2015-06-17 12:43 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-01-18 21:20 - 2015-06-17 12:43 - 00001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-01-18 21:20 - 2015-06-17 12:43 - 00000000 ____D C:\Program Files\paint.net
2016-01-18 21:17 - 2015-06-16 21:20 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-15 20:00 - 2015-08-07 19:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 02:42 - 2015-06-25 22:09 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 02:42 - 2015-06-25 22:09 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 14:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 12:55 - 2015-12-23 10:22 - 00000000 ____D C:\Users\Marie\AppData\Roaming\HpUpdate
2016-01-13 12:50 - 2009-07-13 23:45 - 00299000 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 12:18 - 2015-06-16 23:47 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 12:18 - 2015-06-16 23:47 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 12:17 - 2015-06-16 21:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-09 14:14 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-08 05:46 - 2015-06-17 01:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 16:30 - 2015-10-14 15:23 - 00000000 ____D C:\ProgramData\Atheros
2016-01-05 16:30 - 2015-06-17 02:02 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-05 16:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-04 02:23 - 2015-06-17 23:13 - 00000000 ____D C:\Users\Marie\AppData\Local\Amazon Music

==================== Files in the root of some directories =======

2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Marie\AppData\Local\setup.txt
2015-06-17 13:14 - 2015-06-17 13:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Marie\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Marie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 07:27

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Marie (2016-02-03 17:55:06)
Running from C:\Users\Marie\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-06-17 01:51:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3777090084-4234919361-3576393612-500 - Administrator - Disabled)
Guest (S-1-5-21-3777090084-4234919361-3576393612-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3777090084-4234919361-3576393612-1002 - Limited - Enabled)
Marie (S-1-5-21-3777090084-4234919361-3576393612-1000 - Administrator - Enabled) => C:\Users\Marie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Amazon Amazon Music) (Version: 3.11.5.1140 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Magnum Slots Collection (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Magnum Slots Collection) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MusicBee 2.4 (HKLM-x32\...\MusicBee) (Version: 2.4 - Steven Mayall)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{75BBD24C-C19A-4885-B8FD-EB15009277D3}) (Version: 7.5.0.123 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{59CA9673-A08B-489C-8932-1C3E0CF244D8}\localserver32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{B982932A-124D-489C-A7B3-8BCD1FDB8DD3}\InprocServer32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3777090084-4234919361-3576393612-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Marie\AppData\Local\SkypePlugin\7.5.0.123\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {068F52D0-C423-472C-B748-39E3787AE321} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
Task: {244D58D2-1040-4C8E-BA79-9ED11AC6189B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2D4352F6-1BC0-4D79-8F6B-636877D3204F} - System32\Tasks\{473E2699-D2B1-4651-A2F4-2C1EE02DA5C7} => C:\Program Files (x86)\Magnum Slots Collection\Magnum Slots Collection.exe [2014-04-06] (                                                                                                    )
Task: {3580D7CA-6793-4C5F-9CAC-F00AC9BA7A89} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {440477AC-7CD3-4633-B70A-B79145AF7060} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {565D3B24-3DB1-46D7-A515-45816BD62CD2} - System32\Tasks\Amazon Music Helper => C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-11-18] ()
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {61D84989-E4FB-4386-A628-55C998194D8F} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {70B9D6CE-5521-476D-A506-93E8026888D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {7A67AB79-F423-4E83-979B-C42F730E85B1} - System32\Tasks\HPCeeScheduleForMarie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {994AA8DB-2A96-4E66-9FB5-6F52B52E3892} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {9C94278A-EDAC-4CCA-87C6-05FD34114D28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {C4D3C871-FEB5-471A-B052-6AD6C9298616} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DB84A63E-3D96-497D-9C56-935633A86559} - System32\Tasks\{8C266A01-1EC1-40E4-93E3-1A35290BF4B7} => C:\Program Files (x86)\Magnum Slots Collection\Magnum Slots Collection.exe [2014-04-06] (                                                                                                    )
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {ECF2051F-2110-4392-A4B8-302E9C616B85} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {EDC5F876-BB8A-4F04-8502-BB3905D24C96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {FBEE2FE1-6B69-4C71-8EF0-39D69ABF6BED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {FFB54863-79D2-4E18-8C55-9A5600588E18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMarie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-06-17 23:13 - 2015-11-18 16:36 - 05890368 _____ () C:\Users\Marie\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-01-04 02:28 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-04 02:28 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-04 02:28 - 2016-02-02 15:30 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-04 02:28 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-04 02:28 - 2016-02-02 15:29 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-01-04 02:28 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2015-10-21 15:29 - 2015-10-21 15:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2015-10-21 15:29 - 2015-10-21 15:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2015-06-26 18:09 - 2015-06-26 18:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2016-01-04 02:28 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3777090084-4234919361-3576393612-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1F6E129-98FA-4AF2-BC12-F6A410604B8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08C7B7CE-7ECA-4138-B7A7-043872216F0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7EC5934B-C644-466C-97EB-616656887B42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E359EC01-F891-4F10-A18C-F9B05051CA09}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{85B7754D-F260-4306-BCAC-2F68C7645297}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3F3CB9C7-76C3-4204-A70C-DD53EB220BD4}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS6F0D\HPDiagnosticCoreUI.exe
FirewallRules: [{40738ECE-3BE9-4D70-83DD-5E279DF9C395}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS6F0D\HPDiagnosticCoreUI.exe
FirewallRules: [{6E4FDD1E-EA5B-45C8-BBD3-04C826321CA5}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS0C56\HPDiagnosticCoreUI.exe
FirewallRules: [{6E236DE7-D2FE-44B1-908B-5BF9F4F18B35}] => (Allow) C:\Users\Marie\AppData\Local\Temp\7zS0C56\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{1AC9EFC5-64C2-48AD-BEA4-EB5BEAB9871B}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{08AA0E88-9B4B-43FB-AA71-C6F9E21A1685}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{089C1675-FDF7-42F0-AD69-18EE05B03AE3}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{AD25883A-5B77-4AED-938E-4642C67D6F96}C:\users\marie\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\marie\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F95E4B42-EEB7-44F1-9058-D39836313AC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BD4113E-DA10-4D84-9696-4DA3EE73DC5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C261AE81-07F3-448D-80BE-DE07ADFE7D1E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B9278AEF-887D-49FC-8EF0-891919262F24}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{D96DE413-06D0-4B11-953E-160A76A06397}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{24D5C485-4AB3-4062-B321-62D454CF97D6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{67E5F0F3-44F5-4EBE-9781-E61D2DC0D968}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{D56D34D6-9707-442F-B843-F5CB943A416F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1D6AA039-CA21-400A-BA1F-C8623B06F7A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{53F02E39-45AD-4741-A301-5542AE42AA3A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{11DD7CBB-D854-4FC8-9E46-9C99064709A5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{45F05240-E147-4D31-9A78-6E55D7839311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{87436E86-38D2-42F3-B915-17C624990C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{3B3C681C-FA8F-485D-AD1F-D64CACD3CF65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-01-2016 21:19:40 paint.net 4.0.9
20-01-2016 21:59:41 Windows Update
24-01-2016 02:28:22 Windows Update
28-01-2016 21:33:22 Windows Update
02-02-2016 11:24:28 Windows Update
03-02-2016 14:10:50 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2016 05:53:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 04:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 02:11:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 01:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2016 10:40:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2016 11:17:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x5684255b
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0x143c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/02/2016 05:57:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: SkypeIEPlugin.dll, version: 8.0.0.9103, time stamp: 0x568f8ff9
Exception code: 0xc0000005
Fault offset: 0x00060ae6
Faulting process id: 0x1b8c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/02/2016 05:20:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2016 12:30:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2016 11:14:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2016 04:50:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/03/2016 04:50:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}


==================== Memory info ===========================

Processor: Intel® Core i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16351.14 MB
Available physical RAM: 13924.82 MB
Total Virtual: 32700.49 MB
Available Virtual: 30195.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:359.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0EF87012)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

cureit.log

Link to post
Share on other sites

Excellent, thank you for that update. Latest FRST logs are clean, run the folllowing to cean up...

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif
 

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.