Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trovi Redirect In Chrome-Can't Remove


  • This topic is locked This topic is locked
13 replies to this topic

#1 rberm

rberm

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 04 March 2015 - 10:09 PM

  • I have 2 day old laptop. I inadvertently downloaded chrome from a non-google site and am now infected with Trovi.com redirect. I have tried all of the traditional recommended remedies: Malwarebytes, ESET, anti-adware programs, Roguekiller etc. All found infections which they removed, but Trovi lives on. I am unable to delete Chrome (I get error message that says I need to close all Chrome windows despite fact that they are all closed.) Please Help!

     

    Logs:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
    Ran by Richard (administrator) on RICHARD on 04-03-2015 21:39:54
    Running from C:\Users\Richard\Desktop
    Loaded Profiles: Richard (Available profiles: Richard)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
    (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
    (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-05] (Dell Inc.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-08] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387736 2014-07-04] (Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-24153500-1835576470-324910953-1001\...\Run: [GoogleChromeAutoLaunch_29A699B01FEEF335BD09EDAD4C8A90AE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\S-1-5-21-24153500-1835576470-324910953-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-24153500-1835576470-324910953-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-24153500-1835576470-324910953-1001 -> {C6BE1096-C948-44CD-9D16-D8CEEA82A320} URL =
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-24153500-1835576470-324910953-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M19E71F9D-9893-4A2E-AEEA-D2DBCC9EC5C3&SearchSource=55&CUI=&UM=8&UP=SPAB065D32-E01E-4DAD-8C57-88138903F950&SSPV=", "https://www.google.com/calendar/render?tab=wc", "hxxp://www.trovi.com/?gd=&ctid=CT3325290&octid=EB_ORIGINAL_CTID&ISID=MB226C762-40C0-4B88-AD75-9D50F0A88AD7&SearchSource=55&CUI=&UM=2&UP=SPF5B0D29A-D422-4A02-9F97-405BB8B3D4F2&SSPV=", "hxxp://websearch.fastsearchings.info/?pid=714&r=2014/07/16&hid=4093734464631692182&lg=EN&cc=US&unqvl=56"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
    CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
    CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-02]
    CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
    CHR Extension: (Google Search) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
    CHR Extension: (Google Calendar) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-03-02]
    CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
    CHR Extension: (AdBlock) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-02]
    CHR Extension: (Evernote Web Clipper) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-03-02]
    CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
    CHR Extension: (Google Similar Pages) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2015-03-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-03-12] (Broadcom Corporation.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
    R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
    R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-08] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-02-19] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-19] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-03-12] (Broadcom Corporation.)
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7504560 2014-03-12] (Broadcom Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-20] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R1 CompuCleverBootor; C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\Bootor64.sys [24240 2015-01-29] (<Compuclever>)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
    S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
    R3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-04] ()
    R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-19] (Microsoft Corporation)
    U2 McMPFSvc; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 21:39 - 2015-03-04 21:40 - 00016631 _____ () C:\Users\Richard\Desktop\FRST.txt
    2015-03-04 21:39 - 2015-03-04 21:39 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
    2015-03-04 21:39 - 2015-03-04 21:39 - 00000000 ____D () C:\FRST
    2015-03-04 21:38 - 2015-03-04 21:38 - 02092544 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
    2015-03-04 17:02 - 2015-03-03 08:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-04 13:21 - 2015-03-04 13:21 - 02126848 _____ () C:\Users\Richard\Downloads\adwcleaner_4.111 (1).exe
    2015-03-04 13:19 - 2015-03-04 13:20 - 15566936 _____ () C:\Users\Richard\Downloads\RogueKiller (1).exe
    2015-03-04 13:06 - 2015-03-04 13:19 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-03-04 13:06 - 2015-03-04 13:06 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-03-04 13:05 - 2015-03-04 13:06 - 15566936 _____ () C:\Users\Richard\Downloads\RogueKiller.exe
    2015-03-04 12:50 - 2015-03-04 12:51 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Richard\Downloads\mbar-1.09.1.1004 (1).exe
    2015-03-04 11:31 - 2015-03-04 11:31 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2015-03-04 11:08 - 2015-03-04 11:08 - 00000000 ____D () C:\Users\Richard\AppData\Local\Citrix
    2015-03-03 22:23 - 2015-03-03 22:23 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-03-03 22:23 - 2015-03-03 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-03-03 22:23 - 2015-03-03 22:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-03-03 22:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-03-03 22:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-03-03 22:22 - 2015-03-03 22:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Richard\Downloads\mbam-setup-2.0.4.1028.exe
    2015-03-03 16:22 - 2015-03-03 16:22 - 02347384 _____ (ESET) C:\Users\Richard\Downloads\esetsmartinstaller_enu.exe
    2015-03-03 16:22 - 2015-03-03 16:22 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-03-03 16:17 - 2015-03-03 16:17 - 01388333 _____ (Thisisu) C:\Users\Richard\Downloads\JRT (3).exe
    2015-03-03 16:14 - 2015-03-03 16:14 - 00000713 _____ () C:\Users\Richard\Desktop\JRT.txt
    2015-03-03 16:07 - 2015-03-03 16:07 - 01388333 _____ (Thisisu) C:\Users\Richard\Downloads\JRT (2).exe
    2015-03-03 16:06 - 2015-03-03 16:06 - 02126848 _____ () C:\Users\Richard\Downloads\AdwCleaner (1).exe
    2015-03-03 16:03 - 2015-03-03 16:03 - 02126848 _____ () C:\Users\Richard\Downloads\AdwCleaner.exe
    2015-03-03 16:01 - 2015-03-03 16:01 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Richard\Downloads\tdsskiller.exe
    2015-03-03 15:57 - 2015-03-03 15:57 - 00401920 _____ (Farbar) C:\Users\Richard\Downloads\MiniToolBox (1).exe
    2015-03-03 15:56 - 2015-03-03 15:57 - 00001960 _____ () C:\Users\Richard\Desktop\Rkill.txt
    2015-03-03 15:56 - 2015-03-03 15:56 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Richard\Downloads\rkill.com
    2015-03-03 15:56 - 2015-03-03 15:56 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Richard\Downloads\rkill64.com
    2015-03-03 11:36 - 2015-03-03 11:36 - 00852604 _____ () C:\Users\Richard\Downloads\SecurityCheck.exe
    2015-03-03 11:26 - 2015-03-04 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-03-03 11:26 - 2015-03-04 12:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-03-03 11:26 - 2015-03-03 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-03-03 11:24 - 2015-03-04 13:05 - 00000000 ____D () C:\Users\Richard\Desktop\mbar
    2015-03-03 11:24 - 2015-03-04 12:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-03-03 11:24 - 2015-03-03 11:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Richard\Downloads\mbar-1.09.1.1004.exe
    2015-03-03 11:06 - 2015-03-03 11:06 - 02126848 _____ () C:\Users\Richard\Downloads\adwcleaner_4.111.exe
    2015-03-03 10:55 - 2015-03-03 10:55 - 01388333 _____ (Thisisu) C:\Users\Richard\Downloads\JRT (1).exe
    2015-03-03 10:37 - 2015-03-03 10:37 - 01388333 _____ (Thisisu) C:\Users\Richard\Downloads\JRT.exe
    2015-03-03 10:36 - 2015-03-03 15:58 - 00021628 _____ () C:\Users\Richard\Downloads\Result.txt
    2015-03-03 10:34 - 2015-03-03 10:34 - 00401920 _____ (Farbar) C:\Users\Richard\Downloads\MiniToolBox.exe
    2015-03-03 08:56 - 2015-03-03 08:56 - 00000000 ____D () C:\Users\Richard\AppData\Local\Amazon_Services_LLC
    2015-03-03 01:12 - 2014-08-13 14:19 - 00000113 ____H () C:\DBAR_Ver.txt
    2015-03-03 01:11 - 2015-03-03 01:12 - 00000000 ____D () C:\ProgramData\softthinks
    2015-03-03 01:11 - 2015-03-03 01:11 - 00000000 ____D () C:\Users\Richard\AppData\Local\softthinks
    2015-03-03 01:10 - 2015-03-03 11:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2015-03-03 01:09 - 2015-03-03 22:19 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2015-03-03 01:06 - 2015-03-03 01:06 - 00003988 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2015-03-03 01:06 - 2015-03-03 01:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2015-03-03 01:06 - 2015-03-03 01:06 - 00003198 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
    2015-03-03 01:04 - 2015-03-03 01:05 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\DropboxOEM
    2015-03-03 00:58 - 2015-03-04 13:23 - 00000000 ____D () C:\AdwCleaner
    2015-03-02 23:41 - 2015-03-04 11:15 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Windows Live Writer
    2015-03-02 23:41 - 2015-03-02 23:41 - 00000000 ____D () C:\Users\Richard\AppData\Local\Windows Live Writer
    2015-03-02 21:33 - 2015-03-02 21:33 - 00001476 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-03-02 21:33 - 2015-03-02 21:33 - 00000000 ____D () C:\Windows\PCHEALTH
    2015-03-02 21:33 - 2015-03-02 21:33 - 00000000 ____D () C:\Program Files\Windows Live
    2015-03-02 21:33 - 2015-03-02 21:33 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2015-03-02 21:31 - 2015-03-02 23:40 - 00000000 ____D () C:\Users\Richard\AppData\Local\Windows Live
    2015-03-02 21:22 - 2015-03-02 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
    2015-03-02 21:02 - 2015-03-02 21:06 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Google
    2015-03-02 21:01 - 2015-03-02 21:25 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
    2015-03-02 21:01 - 2015-03-02 21:25 - 00000000 ____D () C:\ProgramData\CompuClever
    2015-03-02 21:01 - 2015-03-02 21:25 - 00000000 ____D () C:\Program Files (x86)\CompuClever
    2015-03-02 21:01 - 2015-03-02 21:01 - 00003778 _____ () C:\Windows\System32\Tasks\PC TuneUp Maestro Scan
    2015-03-02 21:01 - 2015-03-02 21:01 - 00003736 _____ () C:\Windows\System32\Tasks\PC TuneUp Maestro Disk Defrag Analysis
    2015-03-02 21:01 - 2015-03-02 21:01 - 00003534 _____ () C:\Windows\System32\Tasks\PC TuneUp Maestro Scan SecondTime
    2015-03-02 21:01 - 2015-03-02 21:01 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\CompuClever
    2015-03-02 21:00 - 2015-03-03 22:19 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\ContentExplorer
    2015-03-02 21:00 - 2015-03-02 21:00 - 00000000 ____D () C:\ProgramData\Google
    2015-03-02 21:00 - 2015-03-02 21:00 - 00000000 ____D () C:\Program Files\Google
    2015-03-02 20:58 - 2015-03-02 20:58 - 00000000 ____D () C:\Users\Richard\AppData\Local\Deployment
    2015-03-02 20:58 - 2015-03-02 20:58 - 00000000 ____D () C:\Users\Richard\AppData\Local\Apps\2.0
    2015-03-02 20:40 - 2015-03-02 20:40 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-03-02 20:40 - 2015-03-02 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-03-02 20:39 - 2015-03-04 13:44 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-02 20:39 - 2015-03-04 13:24 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-02 20:39 - 2015-03-02 21:02 - 00000000 ____D () C:\Users\Richard\AppData\Local\Google
    2015-03-02 20:39 - 2015-03-02 21:00 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-03-02 20:39 - 2015-03-02 20:39 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-03-02 20:39 - 2015-03-02 20:39 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-03-02 20:33 - 2015-03-02 20:33 - 00000000 ____D () C:\Windows\System32\Tasks\Aviata
    2015-03-02 20:14 - 2015-03-02 20:14 - 00000000 ____D () C:\Users\Richard\AppData\Local\DoNotTrackPlus
    2015-03-02 20:12 - 2015-03-02 20:12 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
    2015-03-02 20:12 - 2015-03-02 20:12 - 00000778 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    2015-03-02 20:12 - 2015-03-02 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
    2015-03-02 20:10 - 2015-03-02 20:12 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
    2015-03-02 20:10 - 2015-03-02 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-02 20:09 - 2015-03-02 20:09 - 00000000 ____D () C:\ProgramData\CheckPoint
    2015-03-02 20:06 - 2015-03-04 16:50 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{ACF80A20-E770-4AFE-83C3-8E6FE1ADF96B}
    2015-03-02 20:06 - 2015-03-02 20:06 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieUserList
    2015-03-02 20:06 - 2015-03-02 20:06 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieSiteList
    2015-03-02 20:06 - 2015-03-02 20:06 - 00000000 __SHD () C:\Users\Richard\AppData\Local\EmieBrowserModeList
    2015-03-02 20:04 - 2015-03-04 12:20 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-24153500-1835576470-324910953-1001
    2015-03-02 20:04 - 2015-03-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Dell Update
    2015-03-02 20:02 - 2015-03-04 13:24 - 00000000 ___RD () C:\Users\Richard\OneDrive
    2015-03-02 20:02 - 2015-03-02 20:02 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Macromedia
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\Documents\Bluetooth Exchange Folder
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\AppData\Local\Power2Go8
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\AppData\Local\PackageStaging
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\AppData\Local\DropboxOEM
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\AppData\Local\Broadcom
    2015-03-02 19:59 - 2015-03-02 19:59 - 00000000 ____D () C:\Users\Richard\AppData\Local\Aviata
    2015-03-02 19:58 - 2015-03-02 21:16 - 00000000 ____D () C:\Users\Richard\AppData\Local\Packages
    2015-03-02 19:58 - 2015-03-02 19:58 - 00001440 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-03-02 19:58 - 2015-03-02 19:58 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-03-02 19:58 - 2015-03-02 19:58 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Adobe
    2015-03-02 19:58 - 2015-03-02 19:58 - 00000000 ____D () C:\Users\Richard\AppData\Local\VirtualStore
    2015-03-02 19:57 - 2015-03-02 20:02 - 00000000 ____D () C:\Users\Richard
    2015-03-02 19:57 - 2015-03-02 19:57 - 00000020 ___SH () C:\Users\Richard\ntuser.ini
    2015-03-02 19:57 - 2015-02-19 12:56 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-03-02 19:57 - 2014-11-21 07:39 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-03-02 19:57 - 2014-11-21 07:39 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-03-02 19:57 - 2014-11-20 23:50 - 00000369 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-03-02 19:57 - 2014-11-20 23:50 - 00000369 _____ () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-03-02 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-02-19 14:09 - 2015-02-19 14:09 - 00000000 __SHD () C:\System Recovery
    2015-02-19 13:40 - 2015-02-19 13:40 - 00077841 _____ () C:\Windows\system32\DISMLog.log
    2015-02-19 13:28 - 2015-02-19 13:28 - 00002053 _____ () C:\Users\Public\Desktop\Dropbox 20 GB.lnk
    2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
    2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB
    2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\ProgramData\Aviata
    2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\Program Files (x86)\Dropbox
    2015-02-19 13:28 - 2015-02-19 13:28 - 00000000 ____D () C:\Program Files (x86)\Dell Product Registration
    2015-02-19 13:25 - 2015-03-04 12:44 - 00000000 ____D () C:\ProgramData\McAfee
    2015-02-19 13:22 - 2015-03-04 13:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-02-19 13:22 - 2015-03-04 13:26 - 00016979 _____ () C:\Windows\SysWOW64\Gms.log
    2015-02-19 13:21 - 2015-03-02 20:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-02-19 13:21 - 2015-02-19 13:21 - 00002223 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\Program Files\My Dell
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\Program Files\Dell Support Center
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
    2015-02-19 13:21 - 2015-02-19 13:21 - 00000000 ____D () C:\Program Files (x86)\Amazon
    2015-02-19 13:21 - 2014-02-28 12:45 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    2015-02-19 13:20 - 2015-02-19 13:20 - 00015804 _____ () C:\Windows\system32\results.xml
    2015-02-19 13:18 - 2015-02-19 13:24 - 00000000 ____D () C:\Temp
    2015-02-19 13:18 - 2015-02-19 13:18 - 00000720 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
    2015-02-19 13:18 - 2015-02-19 13:18 - 00000000 ____D () C:\Intel
    2015-02-19 13:18 - 2014-08-26 16:09 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
    2015-02-19 13:18 - 2014-08-26 16:09 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
    2015-02-19 13:17 - 2015-02-19 13:18 - 00000000 ____D () C:\Program Files (x86)\Intel
    2015-02-19 13:17 - 2015-02-19 13:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
    2015-02-19 13:17 - 2015-02-19 13:17 - 00000000 ____D () C:\ProgramData\Intel
    2015-02-19 13:16 - 2015-02-19 13:16 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2015-02-19 13:15 - 2015-02-19 13:18 - 00000000 ____D () C:\Program Files\Intel
    2015-02-19 13:15 - 2015-02-19 13:17 - 00012342 _____ () C:\Windows\DPINST.LOG
    2015-02-19 13:15 - 2015-02-19 13:15 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
    2015-02-19 13:15 - 2015-02-19 13:15 - 00001380 _____ () C:\Windows\Synaptics.log
    2015-02-19 13:15 - 2015-02-19 13:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2015-02-19 13:15 - 2015-02-19 13:15 - 00000000 ____D () C:\Program Files\WIDCOMM
    2015-02-19 13:15 - 2015-02-19 13:15 - 00000000 ____D () C:\Program Files\Synaptics
    2015-02-19 13:15 - 2014-05-22 23:21 - 00750832 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
    2015-02-19 13:15 - 2014-05-22 23:21 - 00549104 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
    2015-02-19 13:15 - 2014-05-22 23:21 - 00407792 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
    2015-02-19 13:15 - 2014-05-22 23:21 - 00255216 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
    2015-02-19 13:15 - 2014-05-22 23:21 - 00208624 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
    2015-02-19 13:15 - 2014-05-22 23:21 - 00042736 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynRMIHID.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 02251992 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
    2015-02-19 13:15 - 2014-03-12 20:47 - 00230104 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 00190168 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 00170712 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 00166616 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 00066264 _____ (Broadcom Corporation.) C:\Windows\system32\btwdi.dll
    2015-02-19 13:15 - 2014-03-12 20:47 - 00057575 _____ () C:\Windows\system32\Drivers\BCM43142A0_001.001.011.0197.0229.hex
    2015-02-19 13:15 - 2014-03-12 20:47 - 00040248 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
    2015-02-19 13:15 - 2014-03-12 20:47 - 00038616 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
    2015-02-19 13:14 - 2015-03-04 21:36 - 01573393 _____ () C:\Windows\WindowsUpdate.log
    2015-02-19 13:14 - 2015-02-19 13:14 - 00977191 _____ () C:\Windows\system32\Drivers\rtwavesskdy.dat
    2015-02-19 13:14 - 2015-02-19 13:14 - 00455743 _____ () C:\Windows\system32\Drivers\rtwavesmapro.dat
    2015-02-19 13:14 - 2015-02-19 13:14 - 00030273 _____ () C:\Windows\system32\Drivers\rtwavesEFX.dat
    2015-02-19 13:14 - 2015-02-19 13:14 - 00019678 _____ () C:\Windows\system32\Drivers\rtwavesmaprocap.dat
    2015-02-19 13:14 - 2015-02-19 13:14 - 00010643 _____ () C:\Windows\system32\Drivers\rtwavesMFX.dat
    2015-02-19 13:14 - 2015-02-19 13:14 - 00003132 _____ () C:\Windows\System32\Tasks\RtHDVBg_PushButton
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____D () C:\Windows\system32\SRSLabs
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
    2015-02-19 13:14 - 2015-02-19 13:14 - 00000000 ____D () C:\Program Files\Realtek
    2015-02-19 13:13 - 2015-02-19 13:33 - 00000000 ____D () C:\ProgramData\Dell
    2015-02-19 13:13 - 2015-02-19 13:29 - 00000000 ____D () C:\Program Files\Dell
    2015-02-19 13:13 - 2015-02-19 13:17 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2015-02-19 13:13 - 2015-02-19 13:14 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2015-02-19 13:13 - 2014-07-08 22:16 - 04007512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2015-02-19 13:13 - 2014-07-08 18:54 - 01262807 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-02-19 13:13 - 2014-07-08 16:02 - 02000152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
    2015-02-19 13:13 - 2014-07-08 16:02 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
    2015-02-19 13:13 - 2014-07-07 20:05 - 67255296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
    2015-02-19 13:13 - 2014-07-07 17:07 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2015-02-19 13:13 - 2014-07-04 14:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2015-02-19 13:13 - 2014-07-02 20:20 - 02805464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2015-02-19 13:13 - 2014-06-20 20:45 - 00949976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2015-02-19 13:13 - 2014-06-17 16:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2015-02-19 13:13 - 2014-06-09 13:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2015-02-19 13:13 - 2014-05-19 13:47 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2015-02-19 13:13 - 2014-05-09 14:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2015-02-19 13:13 - 2014-04-17 20:42 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2015-02-19 13:13 - 2014-04-17 20:42 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2015-02-19 13:13 - 2014-04-17 20:42 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2015-02-19 13:13 - 2014-04-10 15:20 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2015-02-19 13:13 - 2014-04-10 15:20 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 01763416 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek364.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2015-02-19 13:13 - 2014-04-10 15:19 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
    2015-02-19 13:13 - 2014-04-07 19:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2015-02-19 13:13 - 2014-04-07 19:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2015-02-19 13:13 - 2014-04-07 19:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2015-02-19 13:13 - 2014-04-07 19:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2015-02-19 13:13 - 2014-03-19 22:19 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2015-02-19 13:13 - 2014-03-06 18:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2015-02-19 13:13 - 2014-02-18 19:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2015-02-19 13:13 - 2014-02-06 13:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
    2015-02-19 13:13 - 2014-01-08 17:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
    2015-02-19 13:13 - 2013-10-11 15:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2015-02-19 13:13 - 2013-08-14 18:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2015-02-19 13:13 - 2013-08-14 18:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2015-02-19 13:13 - 2013-07-22 18:36 - 00194816 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
    2015-02-19 13:13 - 2013-04-23 17:54 - 00154184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
    2015-02-19 13:13 - 2013-01-11 18:27 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
    2015-02-19 13:13 - 2013-01-11 18:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
    2015-02-19 13:13 - 2012-11-14 13:41 - 00378000 _____ (Realtek Semiconductor) C:\Windows\system32\RtkGuiCompLib.dll
    2015-02-19 13:13 - 2012-08-31 22:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2015-02-19 13:13 - 2012-08-31 22:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2015-02-19 13:13 - 2012-08-31 22:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2015-02-19 13:13 - 2012-08-31 22:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2015-02-19 13:13 - 2012-08-31 22:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2015-02-19 13:13 - 2012-06-08 19:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
    2015-02-19 13:13 - 2012-06-08 19:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
    2015-02-19 13:13 - 2012-03-08 13:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2015-02-19 13:13 - 2011-12-20 17:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2015-02-19 13:13 - 2011-12-16 16:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
    2015-02-19 13:13 - 2011-11-22 18:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2015-02-19 13:13 - 2011-05-31 12:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2015-02-19 13:13 - 2010-11-08 09:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2015-02-19 13:13 - 2010-11-03 21:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2015-02-19 13:13 - 2010-09-27 12:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2015-02-19 13:13 - 2009-11-24 11:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2015-02-19 13:13 - 2009-11-24 11:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2015-02-19 13:13 - 2009-11-24 11:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2015-02-19 13:13 - 2009-11-24 11:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2015-02-19 13:13 - 2009-11-18 09:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
    2015-02-19 13:12 - 2015-02-19 13:13 - 00000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2015-02-19 13:12 - 2015-02-19 13:12 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-02-19 13:11 - 2015-02-19 13:12 - 00000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2015-02-19 13:10 - 2015-02-19 13:11 - 00000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2015-02-19 13:10 - 2015-02-19 13:10 - 00003160 _____ () C:\Windows\System32\Tasks\CLVDLauncher
    2015-02-19 13:10 - 2015-02-19 13:10 - 00003160 _____ () C:\Windows\System32\Tasks\CLMLSvc_P2G8
    2015-02-19 13:10 - 2013-03-05 15:01 - 00091712 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive.sys
    2015-02-19 13:09 - 2015-02-19 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-19 13:09 - 2015-02-19 13:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    2015-02-19 13:09 - 2015-02-19 13:13 - 00000000 ____D () C:\ProgramData\Temp
    2015-02-19 13:09 - 2015-02-19 13:13 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2015-02-19 13:09 - 2015-02-19 13:12 - 00000000 ____D () C:\ProgramData\install_clap
    2015-02-19 13:09 - 2015-02-19 13:12 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-02-19 13:09 - 2015-02-19 13:10 - 00000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2015-02-19 13:09 - 2015-02-19 13:09 - 00000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2015-02-19 13:09 - 2015-02-19 13:09 - 00000000 ____D () C:\ProgramData\CLSK
    2015-02-19 13:00 - 2015-02-19 13:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
    2015-02-19 12:58 - 2015-02-19 12:58 - 00028032 ___RH () C:\dell.sdr
    2015-02-19 12:56 - 2015-02-19 12:56 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 22290560 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 07473472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 03558400 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-19 12:56 - 2015-02-19 12:56 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-19 12:56 - 2015-02-19 12:56 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01499384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 01390928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01127976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-02-19 12:56 - 2015-02-19 12:56 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-19 12:56 - 2015-02-19 12:56 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-02-19 12:56 - 2015-02-19 12:56 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-02-19 12:56 - 2015-02-19 12:56 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00273232 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
    2015-02-19 12:56 - 2015-02-19 12:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
    2015-02-19 12:56 - 2015-02-19 12:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
    2015-02-19 12:56 - 2015-02-19 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
    2015-02-19 12:56 - 2015-02-19 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-02-19 12:56 - 2015-02-19 12:56 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-02-19 12:56 - 2015-02-19 12:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-02-19 12:43 - 2014-09-11 20:15 - 00453872 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
    2015-02-19 12:43 - 2014-09-08 15:40 - 02810576 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiVAD64.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00767080 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00763496 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00472168 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00456296 _____ () C:\Windows\system32\igfxTray.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00417896 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00325224 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00303208 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00279144 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00245864 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00194152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00154728 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00086632 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
    2015-02-19 12:43 - 2014-09-08 15:40 - 00086120 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
    2015-02-19 12:43 - 2014-09-08 15:39 - 04716176 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
    2015-02-19 12:43 - 2014-09-08 15:37 - 00003948 _____ () C:\Windows\system32\iglhxs64.vp
    2015-02-19 12:43 - 2014-09-08 15:36 - 24234840 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 23427832 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 17341568 _____ () C:\Windows\system32\igd11dxva64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 16857968 _____ () C:\Windows\SysWOW64\igd11dxva32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 07704360 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 06997232 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 05850360 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 04610728 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 01137080 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 01132960 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00625664 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00507232 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00220392 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00207496 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00184312 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00175024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
    2015-02-19 12:43 - 2014-09-08 15:36 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
    2015-02-19 12:43 - 2014-09-08 15:31 - 08811520 _____ (Intel Corporation) C:\Windows\system32\ig8icd64.dll
    2015-02-19 12:43 - 2014-09-08 15:30 - 00225792 _____ () C:\Windows\system32\igdde64.dll
    2015-02-19 12:43 - 2014-09-08 15:30 - 00162304 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 01131008 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00734720 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00673792 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00641530 _____ () C:\Windows\system32\FilmModeDetection.wmv
    2015-02-19 12:43 - 2014-09-08 15:29 - 00403671 _____ () C:\Windows\system32\ImageStabilization.wmv
    2015-02-19 12:43 - 2014-09-08 15:29 - 00375173 _____ () C:\Windows\system32\ColorImageEnhancement.wmv
    2015-02-19 12:43 - 2014-09-08 15:29 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00272384 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00254976 _____ () C:\Windows\system32\igfxCPL.cpl
    2015-02-19 12:43 - 2014-09-08 15:29 - 00250368 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00224256 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00212660 __RSH () C:\Windows\system32\resTHA.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00203812 __RSH () C:\Windows\system32\resELL.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00199652 __RSH () C:\Windows\system32\resRUS.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00182356 __RSH () C:\Windows\system32\resARA.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00181828 __RSH () C:\Windows\system32\resJPN.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00181364 __RSH () C:\Windows\system32\resHEB.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00176116 __RSH () C:\Windows\system32\resFRA.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00176052 __RSH () C:\Windows\system32\resHUN.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00174340 __RSH () C:\Windows\system32\resKOR.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00174004 __RSH () C:\Windows\system32\resDEU.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00173748 __RSH () C:\Windows\system32\resITA.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00173492 __RSH () C:\Windows\system32\resROM.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00173460 __RSH () C:\Windows\system32\resESN.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00173444 __RSH () C:\Windows\system32\resSKY.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00173044 __RSH () C:\Windows\system32\resPLK.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00172676 __RSH () C:\Windows\system32\resNLD.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00171876 __RSH () C:\Windows\system32\resPTB.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00171860 __RSH () C:\Windows\system32\resTRK.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00171796 __RSH () C:\Windows\system32\resCSY.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00171332 __RSH () C:\Windows\system32\resPTG.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00171156 __RSH () C:\Windows\system32\resFIN.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00170548 __RSH () C:\Windows\system32\resHRV.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00170020 __RSH () C:\Windows\system32\resSLV.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00170004 __RSH () C:\Windows\system32\resSVE.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00168788 __RSH () C:\Windows\system32\resNOR.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00168132 __RSH () C:\Windows\system32\resDAN.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00166660 __RSH () C:\Windows\system32\resENU.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00164836 __RSH () C:\Windows\system32\resCHT.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00163652 __RSH () C:\Windows\system32\resCHS.cui
    2015-02-19 12:43 - 2014-09-08 15:29 - 00069632 _____ () C:\Windows\system32\igfxCUIServicePS.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00058880 _____ ( ) C:\Windows\system32\igfxDHLib.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
    2015-02-19 12:43 - 2014-09-08 15:29 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
    2015-02-19 12:43 - 2014-09-08 15:27 - 06930944 _____ (Intel Corporation) C:\Windows\SysWOW64\ig8icd32.dll
    2015-02-19 12:43 - 2014-09-08 15:27 - 00186368 _____ () C:\Windows\SysWOW64\igdde32.dll
    2015-02-19 12:43 - 2014-09-08 15:27 - 00144896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
    2015-02-19 12:43 - 2014-09-08 15:27 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
    2015-02-19 12:43 - 2014-09-08 15:22 - 18896896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
    2015-02-19 12:43 - 2014-09-08 15:22 - 07788032 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
    2015-02-19 12:43 - 2014-09-08 15:22 - 00349696 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
    2015-02-19 12:43 - 2014-09-08 15:22 - 00304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
    2015-02-19 12:43 - 2014-09-08 15:21 - 24023552 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
    2015-02-19 12:43 - 2014-09-08 15:21 - 08288768 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
    2015-02-19 12:43 - 2014-09-08 15:21 - 00397312 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
    2015-02-19 12:43 - 2014-09-08 15:21 - 00372224 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
    2015-02-19 12:43 - 2014-09-08 15:11 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3939.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 02772616 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 01509512 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 01365504 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 01061376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00883848 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00613000 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00562824 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00350344 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00255624 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00206848 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00193672 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00174592 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00131208 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll
    2015-02-19 12:43 - 2014-09-08 15:10 - 00124552 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll
    2015-02-19 12:43 - 2014-08-26 16:09 - 02813952 _____ () C:\Windows\system32\iglhxa64.cpa
    2015-02-19 12:43 - 2014-08-26 16:09 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
    2015-02-19 12:43 - 2014-08-26 16:09 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
    2015-02-19 12:43 - 2014-08-26 16:09 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2015-02-19 12:43 - 2014-08-26 16:09 - 00044025 _____ () C:\Windows\system32\iglhxo64.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00043816 _____ () C:\Windows\system32\iglhxc64_dev.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00043494 _____ () C:\Windows\system32\iglhxc64.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00043298 _____ () C:\Windows\system32\iglhxg64_dev.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00043256 _____ () C:\Windows\system32\iglhxg64.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00042079 _____ () C:\Windows\system32\iglhxo64_dev.vp
    2015-02-19 12:43 - 2014-08-26 16:09 - 00001125 _____ () C:\Windows\system32\iglhxa64.vp
    2015-02-19 12:41 - 2014-09-03 14:03 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2015-02-19 12:41 - 2014-09-03 14:03 - 00126976 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
    2015-02-19 12:41 - 2014-06-07 10:20 - 00670056 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
    2015-02-19 12:41 - 2013-11-01 18:40 - 00330456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
    2015-02-19 12:41 - 2013-04-25 21:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
    2015-02-19 12:40 - 2014-03-12 20:47 - 07504560 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS
    2015-02-19 12:40 - 2014-03-12 20:47 - 04136960 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
    2015-02-19 12:40 - 2014-03-12 20:47 - 03781632 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
    2015-02-19 12:39 - 2014-07-18 17:31 - 00874712 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
    2015-02-19 12:39 - 2014-07-18 17:31 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2015-02-19 12:39 - 2014-06-11 09:40 - 00143864 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS_UART2.sys
    2015-02-19 12:39 - 2014-06-11 09:40 - 00120312 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS_I2C.sys
    2015-02-19 12:39 - 2014-06-11 09:40 - 00100856 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS_SPI.sys
    2015-02-19 12:39 - 2014-06-11 09:40 - 00035832 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS_GPIO.sys
    2015-02-19 12:36 - 2015-02-19 12:36 - 00003482 _____ () C:\Windows\SysWOW64\Drivers\1028_Dell_INS_3543.mrk
    2015-02-19 12:36 - 2015-02-19 12:36 - 00003482 _____ () C:\Windows\system32\Drivers\1028_Dell_INS_3543.mrk
    2015-02-19 12:36 - 2013-01-24 21:12 - 00010752 _____ (OSR Open Systems Resources, Inc.) C:\Windows\system32\Drivers\DellRbtn.sys
    2015-02-19 12:34 - 2015-02-19 12:34 - 00000012 _____ () C:\Windows\csup.txt
    2015-02-19 12:33 - 2014-11-20 23:51 - 00035397 _____ () C:\Windows\Core.xml
    2015-02-19 12:32 - 2015-02-19 13:47 - 00000000 ____D () C:\Windows\Panther
    2015-02-19 12:32 - 2015-02-19 13:47 - 00000000 ____D () C:\DELL

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-04 21:39 - 2014-11-20 23:42 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-04 21:36 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-03-04 17:00 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-03-04 13:24 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-04 13:23 - 2014-11-20 23:32 - 00012418 _____ () C:\Windows\PFRO.log
    2015-03-04 13:23 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-03-04 12:44 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\addins
    2015-03-04 12:07 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-03-04 01:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-03-03 15:34 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-02 21:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-03-02 21:22 - 2013-08-22 09:46 - 00014387 _____ () C:\Windows\setupact.log
    2015-03-02 20:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
    2015-03-02 20:02 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-02-19 13:45 - 2013-08-22 10:37 - 00003223 _____ () C:\Windows\DtcInstall.log
    2015-02-19 13:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Recovery
    2015-02-19 13:20 - 2013-08-22 09:44 - 00346744 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-19 12:56 - 2014-11-21 07:47 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-19 12:56 - 2014-11-21 07:47 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-19 12:56 - 2014-11-20 23:35 - 02472960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\setup
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-02-19 12:56 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-02-19 12:33 - 2013-08-22 09:45 - 00000000 ____D () C:\Windows\Setup
    2015-02-19 12:32 - 2013-08-22 10:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template

    ==================== Files in the root of some directories =======

    2015-02-19 13:14 - 2015-02-19 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-02-19 13:12 - 2015-02-19 13:13 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2015-02-19 13:09 - 2015-02-19 13:10 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2015-02-19 13:10 - 2015-02-19 13:11 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2015-02-19 13:11 - 2015-02-19 13:12 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2015-02-19 13:09 - 2015-02-19 13:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Some content of TEMP:
    ====================
    C:\Users\Richard\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Richard\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\Richard\AppData\Local\Temp\Quarantine.exe
    C:\Users\Richard\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-19 12:59

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
    Ran by Richard at 2015-03-04 21:40:58
    Running from C:\Users\Richard\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
    Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
    Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
    Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.16.0 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
    DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.201 - Dell Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.830 - Citrix Online, a division of Citrix Systems, Inc.)
    Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3939 - Intel Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    PC TuneUp Maestro (HKLM-x32\...\PC TuneUp Maestro) (Version: 6.2.3.255 - CompuClever Systems Inc.)
    QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
    ZoneAlarm Security Toolbar  (HKU\S-1-5-21-24153500-1835576470-324910953-1001\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points  =========================

    02-03-2015 21:31:47 Windows Live Essentials

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0DD5CF46-114D-466A-B98C-1E78526BA9A9} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
    Task: {1C6A4FA8-1C15-49F4-A6DF-24D3838F10CE} - System32\Tasks\PC TuneUp Maestro Scan SecondTime => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe [2015-01-29] (CompuClever Systems Inc)
    Task: {351F1D41-C9DC-42C9-81AB-835ADB93CADA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {530AA9E2-C02F-4406-9FF0-22DEAA4483FD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {6361248F-6180-429E-A197-C96BBEE08AC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
    Task: {89A80C96-F7CB-43ED-81D2-9E6B1FD8000F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {CB407976-07F4-4C68-8807-E4467FE91241} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {D5F2AFBF-EF75-4D01-A8FA-7AA18845E6E5} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
    Task: {DA7A9FB8-2349-4E09-88EC-35376AA750FA} - System32\Tasks\PC TuneUp Maestro Scan => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe [2015-01-29] (CompuClever Systems Inc)
    Task: {E178363D-4742-4AD0-91C8-88F6D9D15C8F} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-04] (Realtek Semiconductor)
    Task: {F38650B6-A240-4712-B1D3-9924CD00C77D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
    Task: {F52736C5-8239-461B-80E8-AFDEA4F31CB9} - System32\Tasks\PC TuneUp Maestro Disk Defrag Analysis => C:\Program Files (x86)\CompuClever\PC TuneUp Maestro\pctum.exe [2015-01-29] (CompuClever Systems Inc)
    Task: {F6819212-9782-480B-9589-2F36235211AB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-22] (Synaptics Incorporated)
    Task: {FC32B6B1-9DA8-4390-9924-6ECEEFD5C6BD} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-02-18 23:02 - 2014-02-18 23:02 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
    2015-02-19 13:24 - 2014-06-04 18:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2015-02-19 13:24 - 2014-06-04 18:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2015-02-19 12:43 - 2014-09-08 15:40 - 00456296 _____ () C:\Windows\system32\igfxTray.exe
    2014-09-02 14:40 - 2014-09-02 14:40 - 00462160 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
    2015-02-19 13:24 - 2014-07-03 00:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2015-03-02 20:40 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-03-02 20:40 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-03-02 20:40 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2014-09-02 14:40 - 2014-09-02 14:40 - 00214352 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
    2014-09-02 14:40 - 2014-09-02 14:40 - 00114000 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
    2015-02-19 13:10 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-11-24 14:39 - 2014-11-24 14:39 - 00155528 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
    2014-09-03 14:03 - 2014-09-03 14:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2015-02-19 13:24 - 2014-07-30 20:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2015-02-19 13:24 - 2012-11-26 02:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2015-02-19 13:22 - 2012-11-26 02:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Richard\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-24153500-1835576470-324910953-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\andromeda.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    ==================== Accounts: =============================

    Administrator (S-1-5-21-24153500-1835576470-324910953-500 - Administrator - Disabled)
    Guest (S-1-5-21-24153500-1835576470-324910953-501 - Limited - Disabled)
    Richard (S-1-5-21-24153500-1835576470-324910953-1001 - Administrator - Enabled) => C:\Users\Richard

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/04/2015 09:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
    Faulting module name: uxtheme.dll, version: 6.3.9600.17415, time stamp: 0x54503957
    Exception code: 0xc0000005
    Fault offset: 0x000322ff
    Faulting process id: 0x1d3c
    Faulting application start time: 0xERUNT.exe0
    Faulting application path: ERUNT.exe1
    Faulting module path: ERUNT.exe2
    Report Id: ERUNT.exe3
    Faulting package full name: ERUNT.exe4
    Faulting package-relative application ID: ERUNT.exe5

    Error: (03/04/2015 11:13:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (03/03/2015 10:29:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/03/2015 10:12:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/03/2015 04:51:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/03/2015 04:39:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/03/2015 04:22:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

    Error: (03/03/2015 04:22:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.

    Error: (03/03/2015 04:21:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    System errors:
    =============
    Error: (03/04/2015 01:24:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/04/2015 01:23:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (03/04/2015 01:06:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys

    Error: (03/04/2015 00:44:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/04/2015 00:06:13 PM) (Source: DCOM) (EventID: 10010) (User: RICHARD)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (03/04/2015 00:05:43 PM) (Source: DCOM) (EventID: 10010) (User: RICHARD)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (03/04/2015 10:04:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1

    Error: (03/04/2015 09:57:24 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/03/2015 10:35:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (03/03/2015 10:17:38 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer RICHARD-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7C8C4AD-8CAA-47B7-B760-F2CBA0062E1F}.
    The master browser is stopping or an election is being forced.

    Microsoft Office Sessions:
    =========================
    Error: (03/04/2015 09:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: ERUNT.exe0.0.0.02a425e19uxtheme.dll6.3.9600.1741554503957c0000005000322ff1d3c01d056eda6530368C:\Windows\ERUNT.exeC:\Windows\system32\uxtheme.dlle4418d81-c2e0-11e4-8261-acd1b8c2c8ce

    Error: (03/04/2015 11:13:45 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (03/03/2015 10:29:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927151

    Error: (03/03/2015 10:12:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927151

    Error: (03/03/2015 04:51:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927151

    Error: (03/03/2015 04:39:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927151

    Error: (03/03/2015 04:22:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Richard\Downloads\esetsmartinstaller_enu.exe

    Error: (03/03/2015 04:22:17 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Richard\Downloads\esetsmartinstaller_enu.exe

    Error: (03/03/2015 04:21:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RICHARD)
    Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927151

    CodeIntegrity Errors:
    ===================================
      Date: 2015-03-02 20:02:35.394
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8103.66 MB
    Available physical RAM: 5369.64 MB
    Total Pagefile: 10023.66 MB
    Available Pagefile: 6375.64 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:921.8 GB) (Free:890.65 GB) NTFS
    Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:8.32 GB) (Free:0.73 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 373F1ACA)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

     

     

     

     

     


Edited by Orange Blossom, 04 March 2015 - 10:13 PM.
Moved from AII. ~ OB


BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:34 PM

Posted 09 March 2015 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-24153500-1835576470-324910953-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M19E71F9D-9893-4A2E-AEEA-D2DBCC9EC5C3&SearchSource=55&CUI=&UM=8&UP=SPAB065D32-E01E-4DAD-8C57-88138903F950&SSPV=", "https://www.google.com/calendar/render?tab=wc", "hxxp://www.trovi.com/?gd=&ctid=CT3325290&octid=EB_ORIGINAL_CTID&ISID=MB226C762-40C0-4B88-AD75-9D50F0A88AD7&SearchSource=55&CUI=&UM=2&UP=SPF5B0D29A-D422-4A02-9F97-405BB8B3D4F2&SSPV=", "hxxp://websearch.fastsearchings.info/?pid=714&r=2014/07/16&hid=4093734464631692182&lg=EN&cc=US&unqvl=56"
U2 McMPFSvc; No ImagePath

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 10:26 AM

Hello Nasdaq-Thanks for your response.

Question-FRST is saved on my Desktop. It does not seem to be in a folder, it is just a notepad file. You instructed me: "Save the files as fixlist.txt into the same folder as FRST". Does that mean that I should name the new file with the contents of the codebox as fixlist.txt and copy the new notepad file to my desktop, or do you want me to add the new notepad file to fixlist.txt and re-name it Fixlist.txt? Please clarify. Btw, I also opened FRST64 on the desktop and realized belatedly that it was running Farbar again. I quickly cancelled it but it had started to run.

#4 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 10:29 AM

I'm sorry Nasdaq-I have a typo. The message should have read:

 

Hello Nasdaq-Thanks for your response.

Question-FRST is saved on my Desktop. It does not seem to be in a folder, it is just a notepad file. You instructed me: "Save the files as fixlist.txt into the same folder as FRST". Does that mean that I should name the new file with the contents of the codebox as fixlist.txt and copy the new notepad file to my desktop, or do you want me to add the new notepad file to FRST and re-name it Fixlist.txt? Please clarify. Btw, I also opened FRST64 on the desktop and realized belatedly that it was running Farbar again. I quickly cancelled it but it had started to run.                  



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:34 PM

Posted 09 March 2015 - 01:17 PM

Does that mean that I should name the new file with the contents of the codebox as fixlist.txt and copy the new notepad file to my desktop


Yes. Then run Farbar and select the fix button.

#6 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 05:58 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Richard at 2015-03-09 18:51:50 Run:1
Running from C:\Users\Richard\Desktop
Loaded Profiles: Richard (Available profiles: Richard)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-24153500-1835576470-324910953-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M19E71F9D-9893-4A2E-AEEA-D2DBCC9EC5C3&SearchSource=55&CUI=&UM=8&UP=SPAB065D32-E01E-4DAD-8C57-88138903F950&SSPV=", "https://www.google.com/calendar/render?tab=wc", "hxxp://www.trovi.com/?gd=&ctid=CT3325290&octid=EB_ORIGINAL_CTID&ISID=MB226C762-40C0-4B88-AD75-9D50F0A88AD7&SearchSource=55&CUI=&UM=2&UP=SPF5B0D29A-D422-4A02-9F97-405BB8B3D4F2&SSPV=", "hxxp://websearch.fastsearchings.info/?pid=714&r=2014/07/16&hid=4093734464631692182&lg=EN&cc=US&unqvl=56"
U2 McMPFSvc; No ImagePath

End
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-24153500-1835576470-324910953-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
Chrome StartupUrls deleted successfully.
McMPFSvc => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog 18:51:55 ====

 

AdwCleaner log to follow



#7 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 06:15 PM

AdwCleaner log:

 

# AdwCleaner v4.112 - Logfile created 09/03/2015 at 19:07:45
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Richard - RICHARD
# Running from : C:\Users\Richard\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.fastsearchings.info_0.localstorage
File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.fastsearchings.info_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v40.0.2214.115

[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=7f13f3f5731f45559c765c23fb6daeea&tu=10OWz00Cy2B0CO0&sku=&tstsId=&ver=&
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchya.com/?chnl=ft-100&s=1&cr=1219995138&cd=2XzutAtN2Y1L1Qzu0EtD0C0ByE0EtAtCyDzzyD0EtDyB0EzzzztN0D0TzutBtDtCtBtDtBtBzy&q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=714&r=2014/07/16&hid=4093734464631692182&lg=EN&cc=US&unqvl=56
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=714&r=2014/07/16&hid=4093734464631692182&lg=EN&cc=US&unqvl=56
[C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333889&octid=EB_ORIGINAL_CTID&ISID=M19E71F9D-9893-4A2E-AEEA-D2DBCC9EC5C3&SearchSource=58&CUI=&UM=8&UP=SPAB065D32-E01E-4DAD-8C57-88138903F950&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [6684 bytes] - [03/03/2015 01:58:56]
AdwCleaner[R1].txt - [1139 bytes] - [03/03/2015 12:07:13]
AdwCleaner[R2].txt - [1251 bytes] - [03/03/2015 17:03:17]
AdwCleaner[R3].txt - [1380 bytes] - [04/03/2015 14:21:51]
AdwCleaner[R4].txt - [3248 bytes] - [09/03/2015 19:02:16]
AdwCleaner[S0].txt - [6882 bytes] - [03/03/2015 02:00:37]
AdwCleaner[S1].txt - [1210 bytes] - [03/03/2015 12:09:43]
AdwCleaner[S2].txt - [1322 bytes] - [03/03/2015 17:04:25]
AdwCleaner[S3].txt - [1450 bytes] - [04/03/2015 14:23:20]
AdwCleaner[S4].txt - [3195 bytes] - [09/03/2015 19:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3254  bytes] ##########



#8 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 06:35 PM

Thanks-so far so good: no Trovi

However, I have declared victory prematurely several times over the next week, so we should probably keep this case open for a few days to make sure Trovi does not reappear. Is there anything else you would like me to do?



#9 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 March 2015 - 07:22 PM

(Another) Correction:

 

Thanks-so far so good: no Trovi

However, I have declared victory prematurely several times over the  *PAST* week, so we should probably keep this case open for a few days to make sure Trovi does not reappear. Is there anything else you would like me to do?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:34 PM

Posted 10 March 2015 - 08:48 AM


One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#11 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 10 March 2015 - 11:00 AM

Results of screen317's Security Check version 0.99.97 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 PC TuneUp Maestro  
  Java 64-bit 8 Update 31 
 Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 CheckPoint ZoneAlarm vsmon.exe 
 CheckPoint ZoneAlarm ZaPrivacyService.exe 
 CheckPoint ZoneAlarm zatray.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Computer seems to be running well.
 



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:34 PM

Posted 10 March 2015 - 12:30 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 rberm

rberm
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 10 March 2015 - 01:56 PM

Thank you so much for all of your help!



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:34 PM

Posted 11 March 2015 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users