
Unwanted Pop Ups and Browser Redirected


  • This topic is locked
18 replies to this topic

#1 twagoner

twagoner

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Illinois, USA
  • Local time:10:34 PM

Posted 10 March 2015 - 08:53 AM

After running AdwCleaner and Malwarebytes I'm still getting popups that tell me I have an infected computer and need to call 855-781-4769. Also I'm running Symantec Endpoint Protection, which warns me that SupOptStats.dll.vir is infecting my system. The most recent time my browser was hijacked it went to danjur.com and soon I lost my internet connection. After resetting my winsock I got the internet back, but I still get the popup warnings. I just ran FRST and the files are attached. Any help or suggestions would be appreciated.

Thank you in advance,

Tom



#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:34 AM

Posted 13 March 2015 - 09:51 AM

Hi Tom,

Welcome to the BleepingComputer Support Forums! I am BlackBird and I'll be helping you during the malware removal process.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


Registry Cleaner and Boost Programs Warning !!
Your logfiles show me that you're using Registry Cleaners and/or system 'boost' utilities. In your case: Advanced WindowsCare Personal, the registry-cleaner within CCleaner and Free Window Registry Repair. At BleepingComputer and several other computer-related forums we advise to NOT use those kinds of utilities. Please read this post: Why you should not use Registry Cleaners and Optimization Tools.


1. Please go to Start > Control Panel.
  • Click "Uninstall a Program".
  • In the Program List that opens, please delete the following items:
    • Google Toolbar for Internet Explorer
    • IsoBuster Toolbar
    • Java 8 Update 25
  • When done, please close all windows.
2. Please download to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
4. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
Please give me an update on your PC problems and also please include the fixlog.txt logfile and the new FRST regular scan logfile.
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 twagoner

twagoner
  • Topic Starter


Posted 13 March 2015 - 11:05 AM

Black_Bird, thanks for your quick reply.

I have followed your instructions and have attached the files you requested (Fixlog.txt, FRST.txt).

I also removed the registry cleaner and boost programs you mentioned, so I won't be tempted to use them. I have noticed another problem. When I open Chrome I get 4 mystery tabs:

  1. http://--extensions-on-chrome-urls/
  2. http://--test-type/
  3. http://--load-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/app/37.1329.12.24
  4. http://--load-component-extension%3Dc/Program%20Files/Google/Chrome/Application/Extensions/chrome/man

I believe this was happening before your fix was applied, but it's happening now after the fix. I have looked at Chrome settings and don't see them listed there.

Over the next day or two, I will use my computer normally and let you know if other problems appear, or if my original pop-ups and warnings re-appear.

Again,

Thanks

Tom 



#4 Black_Bird


Posted 15 March 2015 - 08:27 AM

Hi Tom,
 
1. Please uninstall Google Chrome by following the steps below.
  • Go to Start > Control Panel.
  • Click "Uninstall a program"
  • In the Program List that opens, please delete the following item:
    • Google Chrome
  • When done, please close all windows and reboot your computer.
  • Now follow the steps mentioned in this article.
  • When done, please reboot your computer again.
2. Re-install Google Chrome and perform a full, clean installation.

Now please run FRST again and post the new logfile as an attachment in your next reply. Also please tell me what problems are left.

Good luck. :)
Kind regards,
Black_Bird
 



#5 twagoner


Posted 19 March 2015 - 11:25 AM

Black_bird,

I have uninstalled and re-installed Chrome according to your instructions.  The problems in Chrome have gone away - Thanks.

There are a few issues that remain. Symantec Endpoint Protection keeps warning me of the following:

  1. Traffic has been blocked from this application: NTOSKRNL.EXE
  2. SEP detection results  dwhe966.vir, dwkfb78.vr, dwh7f.c.vir, dwh105a.vir, dwh48a6.vir

I have run FRST and attached the new logfile (FRST.txt).

 

Thanks again,

Tom



#6 Black_Bird


Posted 19 March 2015 - 12:41 PM

Hi Tom,

Let's solve those problems! :)

1. Please download to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
4. Please remove fixlist.txt from your PC.

5. Perform a full system scan with your own virus scanner and remove anything it detects. If something was detected, please copy the results into your next reply - eventually by posting a screenshot. Don't forget to update it before scanning.

6. Reboot your PC.

7. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
8. Please go to VirusTotal
  • Please upload this file: M:\LaunchU3.exe
  • Allow the website to scan the file by using multiple virus scanners.
  • Also do this with the following files:
    • O:\LaunchU3.exe
    • C:\Windows\System32\notskrnl.exe
  • When done, please copy/paste the results of each file into a NotePad file and add it to your next post, as an attachment.
9. Give me an update on your PC problems, please. Also please post these logfiles:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Results from your virus scanner
  • Farbar Recovery Scan Tool - regular scan
  • Results from VirusTotal.com

Kind regards,
Black_Bird
 



#7 twagoner


Posted 20 March 2015 - 04:13 PM

Black_Bird,

Thanks.  I have followed your very clear instructions.  However, I had a problem with #8.  I was not able to locate:

  • M:\LaunchU3.exe
  • O:\LaunchU3.exe
  • C:\Windows\System32\notskrnl.exe

Otherwise all went well and I have attached the log-files that were generated. 

Thanks,

Tom

Attached Files

  • Attached File: log.zip (23.37KB)


#8 Black_Bird


Posted 20 March 2015 - 04:16 PM

Hi,

 

The files on the M- and O-drive are located on USB Thumb Drives or similar objects. Can you also please upload every logfile separately? You'll make it easier for me that way.

Isn't there any ntoskrnl.exe in that folder?


Kind regards,
Black_Bird
 



#9 twagoner


Posted 20 March 2015 - 08:50 PM

Black_Bird,

Thank you for being patient.

I will try to upload the files separately.  When I did that originally, I received an error message that FRST.txt was too large and one file was of the wrong type to upload.  I thought a zip file would solve the problem. I will upload the two that are small enough and change the cvs file to a txt file.

As for the file called "ntoskrnl.exe"  it may exist.  I was searching for "notskrnl.exe".  Which is correct?

 

Thank you again,

Tom



#10 Black_Bird


Posted 20 March 2015 - 09:29 PM

Hi,

 

ntoskrnl.exe is correct. I'll wait for the VirusTotal results. :)

 

You can just cut the FRST logfile in half, and post both of them. You can also copy/paste it in your reply.


Kind regards,
Black_Bird
 



#11 twagoner


Posted 22 March 2015 - 08:17 AM

Black_Bird,

VirusTotal results:  https://www.virustotal.com/en/file/1accfef4c969653df1174d4de26c680ecdd02cca15fc45775c36da37662119cd/analysis/1427029863/

 

 

FRST logfile: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by TWW (administrator) on TWW-OFFICE-PC on 20-03-2015 15:41:15
Running from D:\Users\TWW\Desktop\FRST
Loaded Profiles: TWW (Available profiles: TWW & HomeGroupUser$)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
(ASUSTek) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\assysctrlservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(ASUS) C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\TWW\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
() C:\Program Files (x86)\DriveXpert\xsrvsetup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\dvmexportservice.exe
() C:\Program Files (x86)\DriveXpert\DriveXpertSetup.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\seccopy.exe
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
() C:\Program Files (x86)\Backblaze\bzbui.exe
(Google Inc.) C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Macrovision                                                    ) C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Backblaze\bzfilelist.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Symantec) C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Symantec System Recovery 2013] => C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe [4157024 2013-12-15] (Symantec Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [pdfFactory Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe [755200 2015-03-09] (FinePrint Software, LLC)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-01-12] (Intuit Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [PastaLeadsApplication] => C:\Program Files (x86)\pastaleads\PastaLeadsApplication.exe
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Google+ Auto Backup] => C:\Users\TWW\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Google Update] => C:\Users\TWW\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\seccopy.exe [3128616 2015-03-09] (Centered Systems)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2015-03-09] ()
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [MusicManager] => C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe [7475200 2015-03-09] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [GoogleChromeAutoLaunch_2C12F39044A2E90D6664679B1920B9E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: {1b8f8827-4bae-11df-89fe-000272a92924} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: {25d542cd-4f9e-11df-b65b-000272a92924} - O:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2015-03-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-16] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2015-03-09] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\bin\IPS\IPSBHO.DLL [2014-07-31] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-16] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-16] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-16] (LastPass)
Toolbar: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.27/uploader2.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab
DPF: HKLM-x32 {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.1.9/UltraMJCamX.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://192.168.1.30/aplugLite.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://backstagepass.disney.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
DPF: HKLM-x32 {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
ShellExecuteHooks-x32: Quick View Plus - ShellExecute Hook - {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll [57344 2010-07-20] (Avantstar, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\TWW\AppData\Roaming\Mozilla\Firefox\Profiles\cuyr3qw6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-16] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-16] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-03-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @TRENDnet.com/CameraPlugin -> C:\Program Files (x86)\TRENDnet\Plugin\npcamstreamctrl.dll [2014-07-17] (TRENDnet)
FF Plugin-x32: @trendnet.com/trendnetcloud -> C:\Program Files (x86)\TRENDnet\npTRENDnetCloud.dll [2014-01-23] (TRENDnet)
FF Plugin-x32: @trendnet.com/TRENDnetCloudPlugin2 -> C:\Program Files (x86)\TRENDnetCloud2\Plugin\npTRENDnetCloud2.dll [2015-01-13] (TRENDnet)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\TWW\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\TWW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @talk.google.com/O1DPlugin -> C:\Users\TWW\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @tools.google.com/Google Update;version=3 -> C:\Users\TWW\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @tools.google.com/Google Update;version=9 -> C:\Users\TWW\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-03-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\TWW\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TWW\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: LastPass - C:\Users\TWW\AppData\Roaming\Mozilla\Firefox\Profiles\cuyr3qw6.default\Extensions\support@lastpass.com [2015-03-16]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-11-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\IPSFF [2015-03-06]
FF HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332131&octid=EB_ORIGINAL_CTID&ISID=M071DC165-78C0-4EF6-A6A4-B911B763B7B1&SearchSource=55&CUI=&UM=8&UP=SPE5CD5470-1B9C-46E6-8541-AFDD76866ED6&SSPV=
CHR StartupUrls: Default -> "hxxp://www.netvibes.com/en#Welcome"
CHR Profile: C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Entanglement Web App) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
CHR Extension: (YouTube) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-03-16]
CHR Extension: (Google Search) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
CHR Extension: (Email this page (by Google)) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2015-03-16]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-16]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2015-03-16]
CHR Extension: (SnapPea Photos) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2015-03-16]
CHR Extension: (Google Play Music) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-03-16]
CHR Extension: (Keep Last Two Tabs) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnmaiiahjldikaollhjobhchdbhfhgf [2015-03-16]
CHR Extension: (Google Sheets) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-03-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-16]
CHR Extension: (Obvibase: a truly simple database) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoddinokjifhganfcgkjmkkngljebjdj [2015-03-16]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-03-16]
CHR Extension: (PDF to Word Converter App) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2015-03-16]
CHR Extension: (My Browser Page) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2015-03-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Poppit!) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-03-16]
CHR Extension: (iCloud Dashboard) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Print Friendly & PDF) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-03-16]
CHR Extension: (Gmail) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TWW\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-18]
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlfgjgjocindbigfeflefmjheagmnjob] - C:\Users\TWW\AppData\Local\CRE\hlfgjgjocindbigfeflefmjheagmnjob.crx [Not Found]
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hlfgjgjocindbigfeflefmjheagmnjob] - C:\Users\TWW\AppData\Local\CRE\hlfgjgjocindbigfeflefmjheagmnjob.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2015-03-09] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [234600 2015-03-09] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DriveXpert; C:\Program Files (x86)\DriveXpert\XSrvSetup.exe [69632 2015-03-09] () [File not signed]
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2015-03-09] (DeviceVM, Inc.) [File not signed]
R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
S3 GenericMount Helper Service; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [1921808 2013-11-15] (Symantec)
S2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2015-03-09] (Silicondust USA Inc) [File not signed]
S3 HitmanPro37Crusader; D:\Users\TWW\Downloads\HitmanPro_x64.exe [10995632 2015-03-09] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [85184 2010-02-26] (Macrovision                                                    )
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-04-18] (LogMeIn, Inc.)
R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe [144496 2014-07-31] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe [2379128 2014-07-31] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe [335216 2014-07-31] (Symantec Corporation)
R2 Symantec System Recovery; C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [6192736 2013-12-15] (Symantec Corporation)
R3 SymTrackService; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe [2979576 2013-12-14] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-02] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\BASHDefs\20150307.011\BHDrvx64.sys [1622744 2015-02-24] (Symantec Corporation)
R1 ccSettings_{690CFB39-3E68-4966-A470-3A946C640A12}; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\ccSetx64.sys [169048 2014-07-31] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-19] (Symantec Corporation)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2010-03-03] (ASUSTeK Computer Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-19] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [69208 2012-08-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\IPSDefs\20150319.011\IDSvia64.sys [637656 2015-03-05] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20150320.001\ENG64.SYS [129752 2015-02-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20150320.001\EX64.SYS [2137304 2015-02-19] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-19] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows ® Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSP64.SYS [867032 2014-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSPX64.SYS [36952 2014-07-31] (Symantec Corporation)
R0 SSRFsF; C:\Windows\System32\DRIVERS\SSRFsF.sys [28432 2013-12-14] (Symantec)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\SyDvCtrl64.sys [35432 2014-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMDS64.SYS [493656 2014-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMEFA64.SYS [1148120 2014-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\Ironx64.SYS [225496 2014-07-31] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMNETS.SYS [437976 2014-07-31] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155472 2015-03-06] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [104472 2014-07-31] (Symantec Corporation)
R3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows ® Codename Longhorn DDK provider)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [22104 2013-11-07] (Symantec Corporation)
R0 VTrack; C:\Windows\System32\DRIVERS\VTrack.sys [350712 2013-12-14] (Symantec)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 ATICDSDr; \??\C:\Users\TWW\AppData\Local\Temp\ATICDSDr.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U0 symsnap; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 09:33 - 2015-03-20 09:33 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\InstallShield
2015-03-16 15:59 - 2015-03-16 15:59 - 00002296 _____ () C:\Users\public\Desktop\Google Chrome.lnk
2015-03-16 15:59 - 2015-03-16 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-16 15:56 - 2015-03-16 15:57 - 00000000 ____D () C:\Users\TWW\AppData\Local\Deployment
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Users\TWW\Tracing
2015-03-13 11:07 - 2015-03-19 11:24 - 00000000 __SHD () C:\.VTrack
2015-03-13 11:07 - 2015-03-13 11:07 - 00004096 ___SH () C:\VTrackDiskControl.ctl
2015-03-13 10:45 - 2015-03-20 15:42 - 00000012 ____H () C:\dvmexp.idx
2015-03-13 10:33 - 2015-03-20 15:29 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-03-11 06:55 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:55 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:55 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:55 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:55 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:55 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:55 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:55 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:55 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:55 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:55 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:55 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:55 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:55 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:55 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:55 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:55 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:55 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:55 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:55 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:55 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:55 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:55 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:55 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:55 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:55 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:55 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:55 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:54 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:54 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:54 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:54 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:54 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:54 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:54 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:54 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:54 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:54 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:54 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:54 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:54 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:54 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:54 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:54 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:54 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:54 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 06:54 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 06:54 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:54 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 06:53 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:53 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:53 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:53 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:53 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:53 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:53 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:53 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:53 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:53 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:53 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:53 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:53 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:53 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:53 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:53 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:53 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:53 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:53 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:53 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:53 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:53 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:53 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:53 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:53 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:53 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:53 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:53 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:53 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:53 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:53 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:53 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:53 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:53 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:53 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:53 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:53 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:53 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:53 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:53 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:53 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:53 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:53 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:53 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:53 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:53 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:53 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:53 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:53 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:53 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:53 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:53 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:53 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:53 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:53 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:53 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:53 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:53 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:53 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:53 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00580096 _____ () C:\Windows\system32\ac3filter64.acm
2015-03-11 06:52 - 2015-03-11 06:52 - 00580096 _____ () C:\Windows\system32\ac3filter.acm
2015-03-11 06:52 - 2015-03-11 06:52 - 00227328 _____ () C:\Windows\system32\xvidvfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00136704 _____ () C:\Windows\system32\ff_vfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00108032 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00050688 _____ () C:\Windows\SysWOW64\ff_acm.acm
2015-03-10 15:39 - 2015-03-10 15:39 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\22366
2015-03-09 18:30 - 2015-03-09 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-09 18:30 - 2015-03-09 18:30 - 00000216 _____ () C:\Windows\system32\bootdelete.lst
2015-03-09 17:07 - 2015-03-09 17:07 - 00278528 ____N (FinePrint Software, LLC) C:\Windows\system32\fppmon3.dll
2015-03-09 17:07 - 2015-03-09 17:07 - 00065344 _____ () C:\Windows\system32\pdfredirectmon64.dll
2015-03-09 07:38 - 2015-03-09 07:38 - 00007482 _____ () C:\Windows\system32\.crusader
2015-03-09 07:25 - 2015-03-09 07:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-08 09:16 - 2015-03-08 09:18 - 00045382 _____ () C:\Windows\DPINST.LOG
2015-03-07 15:33 - 2015-03-20 15:41 - 00000000 ____D () C:\FRST
2015-03-06 14:04 - 2015-03-08 07:57 - 00000000 ____D () C:\ProgramData\Tuneup computer
2015-03-06 08:33 - 2015-03-06 08:33 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-03-06 08:33 - 2015-03-06 08:33 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-03-06 08:32 - 2015-03-06 08:32 - 00577392 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00462192 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00421232 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00363376 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00158576 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00155472 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2015-03-06 08:32 - 2015-03-06 08:32 - 00136560 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00057200 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00051056 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00045088 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2015-03-06 08:32 - 2015-03-06 08:32 - 00012656 _____ (Symantec Corporation) C:\Windows\system32\sysferThunk.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00011632 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysferThunk.dll
2015-03-06 08:31 - 2015-03-06 08:31 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2015-03-06 08:30 - 2015-03-06 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2015-03-06 07:59 - 2014-03-04 06:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-06 07:22 - 2015-03-06 07:22 - 00003690 _____ () C:\Windows\System32\Tasks\boosterpop
2015-03-06 07:22 - 2015-03-06 07:22 - 00003688 _____ () C:\Windows\System32\Tasks\IEError
2015-03-06 07:22 - 2015-03-06 07:22 - 00003504 _____ () C:\Windows\System32\Tasks\AI_Updater
2015-03-06 07:21 - 2015-03-06 07:21 - 00000000 ____D () C:\Users\TWW\AppData\Local\PCTuner1
2015-03-05 08:31 - 2015-03-20 15:33 - 00005544 _____ () C:\Windows\setupact.log
2015-03-05 08:31 - 2015-03-20 15:29 - 00053292 _____ () C:\Windows\PFRO.log
2015-03-05 08:31 - 2015-03-05 08:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-05 08:22 - 2015-03-05 08:22 - 00000000 ____D () C:\ProgramData\COMODO
2015-03-04 20:22 - 2015-03-04 20:22 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2015-03-04 19:41 - 2015-03-04 19:42 - 00000000 ____D () C:\Program Files\Windows XP Mode
2015-03-03 15:50 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 15:50 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 15:50 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 15:50 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 09:47 - 2015-03-03 09:47 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\IBM
2015-03-03 09:47 - 2015-03-03 09:47 - 00000000 ____D () C:\ProgramData\IBM
2015-02-25 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 19:13 - 2015-03-03 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-20 15:41 - 2014-05-07 17:42 - 01352453 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 15:40 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 15:39 - 2014-10-11 06:48 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TWW-OFFICE-PC-TWW TWW-OFFICE-PC
2015-03-20 15:39 - 2012-12-28 16:24 - 00000000 ____D () C:\ProgramData\FingerPrintService
2015-03-20 15:35 - 2012-01-22 13:54 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527947827-942829161-1498061186-1001UA.job
2015-03-20 15:34 - 2010-02-19 00:48 - 00000000 ___HD () C:\temp
2015-03-20 15:33 - 2012-09-18 05:46 - 00000000 ___RD () C:\Users\TWW\Google Drive
2015-03-20 15:33 - 2010-02-19 06:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-20 15:32 - 2014-10-14 20:00 - 00000000 ___RD () C:\Users\TWW\iCloudDrive
2015-03-20 15:32 - 2010-02-21 09:45 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Skype
2015-03-20 15:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-20 15:29 - 2010-08-18 18:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-20 15:26 - 2010-02-19 17:31 - 00000000 ___RD () C:\Users\TWW\Virtual Machines
2015-03-20 15:25 - 2010-02-19 06:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 15:19 - 2012-04-09 18:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 15:16 - 2014-05-07 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-20 09:34 - 2010-02-19 00:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 09:31 - 2014-04-23 11:38 - 00000000 ____D () C:\Users\TWW\AppData\Local\CrashDumps
2015-03-19 17:35 - 2012-01-22 13:54 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527947827-942829161-1498061186-1001Core.job
2015-03-19 17:09 - 2009-07-13 23:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 17:09 - 2009-07-13 23:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 11:23 - 2011-10-01 14:55 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\.oit
2015-03-17 20:16 - 2010-10-17 11:00 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\HandBrake
2015-03-16 20:46 - 2011-02-20 13:52 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-16 20:46 - 2011-02-20 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-16 20:46 - 2010-02-18 18:06 - 00001192 _____ () C:\Users\public\Desktop\My LastPass Vault.lnk
2015-03-16 20:46 - 2010-02-18 18:06 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-03-16 20:30 - 2011-09-21 18:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\vlc
2015-03-16 15:59 - 2010-02-19 01:24 - 00000000 ____D () C:\Users\TWW\AppData\Local\Google
2015-03-16 15:59 - 2010-02-19 00:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 15:56 - 2010-02-19 11:29 - 00000000 ____D () C:\Users\TWW\AppData\Local\Apps\2.0
2015-03-16 15:16 - 2010-02-18 16:57 - 00000000 ____D () C:\Users\TWW
2015-03-15 09:09 - 2015-02-13 04:24 - 00000020 _____ () C:\Users\TWW\AppData\Roaming\appdataFr3.bin
2015-03-15 07:28 - 2010-02-21 09:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 07:27 - 2010-02-21 09:30 - 00000000 ____D () C:\ProgramData\Skype
2015-03-13 17:57 - 2012-01-20 13:27 - 00000000 ____D () C:\Users\TWW\Calibre Library
2015-03-13 17:18 - 2012-01-20 09:07 - 00001001 _____ () C:\Users\public\Desktop\calibre - E-book management.lnk
2015-03-13 17:18 - 2012-01-20 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-03-13 17:18 - 2012-01-20 09:07 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-03-13 15:01 - 2014-08-16 11:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 10:33 - 2010-02-19 00:24 - 00000000 ____D () C:\Program Files\Google
2015-03-13 10:27 - 2010-04-04 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TWW Utilities
2015-03-13 10:25 - 2010-03-01 18:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-13 10:12 - 2010-02-19 00:24 - 00000000 ____D () C:\ProgramData\Google
2015-03-13 09:47 - 2010-03-01 09:46 - 00007600 _____ () C:\Users\TWW\AppData\Local\resmon.resmoncfg
2015-03-12 06:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 04:09 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 03:58 - 2009-07-13 23:45 - 00462040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:36 - 2014-05-04 13:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-12 03:36 - 2010-02-19 10:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:18 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 03:16 - 2013-07-10 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:07 - 2010-02-18 17:11 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:15 - 2015-02-15 13:14 - 00000000 ____D () C:\AdwCleaner
2015-03-11 06:52 - 2013-03-03 18:11 - 00000000 ____D () C:\Program Files\Handbrake
2015-03-11 06:52 - 2011-03-17 13:26 - 00000000 ____D () C:\Program Files (x86)\Exifer
2015-03-10 15:41 - 2014-07-06 23:04 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2015-03-10 07:16 - 2012-09-18 05:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-09 17:08 - 2014-07-13 15:21 - 00000000 ____D () C:\Program Files (x86)\Backblaze
2015-03-09 17:07 - 2013-10-07 13:30 - 00000000 ____D () C:\Program Files (x86)\Project1
2015-03-09 17:07 - 2012-03-19 06:38 - 00000000 ____D () C:\Program Files\Easy File Locker
2015-03-09 17:07 - 2010-09-10 15:25 - 00000000 ____D () C:\Program Files (x86)\Second Copy 8
2015-03-09 17:07 - 2010-02-18 23:35 - 00000000 ____D () C:\Program Files (x86)\DriveXpert
2015-03-09 07:38 - 2015-01-19 11:48 - 00000000 ____D () C:\ProgramData\{217c942c-82a6-a9a9-217c-c942c82a50b2}
2015-03-08 09:18 - 2013-02-03 10:08 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2015-03-08 09:18 - 2013-02-03 10:08 - 00000968 _____ () C:\Users\public\Desktop\VueScan x64.lnk
2015-03-08 09:18 - 2013-02-03 10:08 - 00000000 ____D () C:\Program Files\VueScan
2015-03-07 18:58 - 2014-05-07 11:43 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\TeamViewer
2015-03-06 14:58 - 2013-04-24 17:16 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-06 13:24 - 2010-02-24 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2015-03-06 08:50 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-06 08:33 - 2013-04-24 17:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-06 08:30 - 2013-04-24 17:19 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-03-06 08:04 - 2013-07-21 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-06 07:59 - 2010-08-18 22:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-06 07:57 - 2010-08-18 18:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-05 19:16 - 2014-10-04 15:10 - 00000000 ____D () C:\Users\TWW\AppData\Local\CloudStation
2015-03-05 16:15 - 2013-05-22 09:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-05 16:15 - 2010-09-04 08:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-05 16:15 - 2010-02-19 00:00 - 00000000 ____D () C:\Windows\pss
2015-03-05 16:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-05 16:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-05 16:05 - 2015-02-15 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-05 16:05 - 2014-02-22 10:13 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-05 10:34 - 2013-09-16 06:32 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Wandoujia2
2015-03-05 10:06 - 2012-06-29 09:25 - 00450776 ____R () C:\Windows\system32\Drivers\etc\hosts.bad
2015-03-05 10:03 - 2010-02-24 17:24 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-05 09:55 - 2013-01-20 20:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-03-05 09:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-05 08:19 - 2013-10-18 07:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-05 08:19 - 2010-02-19 08:12 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 04:21 - 2012-12-28 16:24 - 00000000 ____D () C:\Users\TWW\AppData\Local\FingerPrint
2015-03-03 11:56 - 2012-11-23 15:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\WindSolutions
2015-03-03 11:54 - 2012-11-23 15:35 - 00000000 ____D () C:\ProgramData\WindSolutions
2015-03-03 09:47 - 2010-02-18 16:57 - 00000000 ____D () C:\Users\TWW\AppData\Local\VirtualStore
2015-03-03 08:17 - 2010-02-18 17:10 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 00:32 - 2010-02-21 08:43 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 12:46 - 2013-03-02 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RootsMagic 6
2015-02-28 12:46 - 2013-03-02 21:02 - 00000000 ____D () C:\Program Files (x86)\RootsMagic 6
2015-02-24 17:39 - 2013-09-19 06:48 - 00000000 ___RD () C:\Users\TWW\Dropbox
2015-02-20 19:13 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 19:13 - 2012-10-15 11:02 - 00001754 _____ () C:\Users\public\Desktop\iTunes.lnk
2015-02-19 18:40 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-19 11:43 - 2012-07-05 13:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\dvdcss
2015-02-19 06:32 - 2014-12-04 11:00 - 00001012 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-19 06:32 - 2014-12-04 11:00 - 00001000 _____ () C:\Users\public\Desktop\TeamViewer 10.lnk
 
==================== Files in the root of some directories =======
 
2011-06-14 19:22 - 2011-06-14 19:22 - 0081408 _____ (Microsoft Corporation) C:\Program Files (x86)\taskkill.exe
2011-02-20 13:50 - 2015-03-16 20:46 - 14242360 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-13 04:24 - 2015-03-15 09:09 - 0000020 _____ () C:\Users\TWW\AppData\Roaming\appdataFr3.bin
2013-12-10 13:24 - 2013-12-10 13:24 - 0038490 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-06-03 12:24 - 2013-04-06 05:44 - 0038498 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-04-06 11:04 - 2013-04-05 23:58 - 0010118 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (Windows).CAL
2011-04-23 23:40 - 2014-03-02 11:01 - 0001007 _____ () C:\Users\TWW\AppData\Roaming\ConvAPIPlugin.log
2010-02-26 16:28 - 2013-05-13 11:14 - 0000209 _____ () C:\Users\TWW\AppData\Roaming\default.rss
2010-06-02 11:23 - 2010-06-02 11:23 - 0000000 _____ () C:\Users\TWW\AppData\Roaming\downloads.m3u
2010-10-17 12:55 - 2011-08-28 07:07 - 0099384 _____ () C:\Users\TWW\AppData\Roaming\inst.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\TWW\AppData\Roaming\LMGJ
2012-07-11 08:15 - 2012-07-11 08:15 - 0038426 _____ () C:\Users\TWW\AppData\Roaming\Microsoft Access 97-2003.ADR
2012-11-28 20:40 - 2012-11-28 20:48 - 0038485 _____ () C:\Users\TWW\AppData\Roaming\Microsoft Excel 97-2003.ADR
2010-10-17 12:55 - 2011-08-28 07:07 - 0007859 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.cat
2010-10-17 12:55 - 2011-08-28 07:07 - 0001167 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.inf
2010-10-17 12:56 - 2011-08-28 07:07 - 0000055 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.log
2010-10-17 12:55 - 2011-08-28 07:07 - 0082816 _____ (VSO Software) C:\Users\TWW\AppData\Roaming\pcouffin.sys
2011-06-16 05:29 - 2011-06-16 05:31 - 0000077 _____ () C:\Users\TWW\AppData\Roaming\Rim.Desktop.Exception.log
2010-12-25 23:04 - 2012-04-06 18:00 - 0003174 _____ () C:\Users\TWW\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-04-08 13:53 - 2014-04-09 00:53 - 0000089 _____ () C:\Users\TWW\AppData\Roaming\WB.CFG
2010-04-13 19:48 - 2014-12-29 14:37 - 0215040 _____ () C:\Users\TWW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-14 14:21 - 2012-10-14 14:21 - 0000001 _____ () C:\Users\TWW\AppData\Local\llftool.4.25.agreement
2012-10-14 14:26 - 2012-10-14 14:26 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.1.02.agreement
2012-10-14 14:27 - 2012-10-14 14:27 - 0000022 _____ () C:\Users\TWW\AppData\Local\RawCopy.savedialog.dir
2012-10-14 14:27 - 2012-10-14 14:27 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.savedialog.filterindex
2012-10-14 14:26 - 2012-10-14 14:26 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.sourcedisk.index
2010-03-01 09:46 - 2015-03-13 09:47 - 0007600 _____ () C:\Users\TWW\AppData\Local\resmon.resmoncfg
2011-11-28 23:19 - 2011-11-28 23:19 - 0000008 __RSH () C:\Users\TWW\AppData\Local\ℤ™☠
2014-03-06 17:46 - 2014-03-06 17:46 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-02-21 09:51 - 2010-02-21 09:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-03-22 13:42 - 2014-03-06 18:03 - 0014582 _____ () C:\ProgramData\hpzinstall.log
2011-11-19 17:06 - 2014-11-19 17:09 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-07-06 14:37 - 2012-07-07 10:53 - 0020531 ____H () C:\ProgramData\W77X4
 
Some content of TEMP:
====================
C:\Users\TWW\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TWW\AppData\Local\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 00:42
 
==================== End Of Log ============================


#12 Black_Bird


Posted 22 March 2015 - 01:03 PM

Hi,

 

I don't see any of the Virustotal results for M:\LaunchU3.exe and O:\LaunchU3.exe. You have to upload the files separately and save each link with results for me, please. Can you please try this again? :)


Kind regards,
Black_Bird
 



#13 twagoner


Posted 22 March 2015 - 02:34 PM

I cannot find M:\LaunchU3.exe and O:\LaunchU3.exe. In an earlier post you suggested that they may be on thumb drives. I have looked through and searched all four of my thumb drives and did not find those files. I must be missing something simple. I made sure that I was able to view hidden files. Perhaps I should re-format those drives to avoid problems?

Any suggestions?

And thanks.

Tom



#14 Black_Bird


Posted 22 March 2015 - 02:48 PM

Hi,

 

No need to do that, thanks. Please do the following steps:

 

1. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with its tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


4. Please remove fixlist.txt from your PC.

5. Please reboot your PC.

6. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


7. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan


Kind regards,
Black_Bird
 



#15 twagoner


Posted 22 March 2015 - 04:01 PM

Black_Bird,

Here are the three log files you requested.

I will run my computer normally for a day and let you know if any problems arise.

Thanks,

Tom

 

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/22/2015 03:09:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 2480) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 2520) [WD-HEUR]
 * C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe (PID: 4304) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 03/22/2015 03:15:26 PM
Execution time: 0 hours(s), 5 minute(s), and 45 seconds(s)
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by TWW at 2015-03-22 15:17:32 Run:3
Running from D:\Users\TWW\Desktop\FRST
Loaded Profiles: TWW (Available profiles: TWW & HomeGroupUser$)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/22/2015 03:09:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 2480) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 2520) [WD-HEUR]
 * C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe (PID: 4304) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 03/22/2015 03:15:26 PM
Execution time: 0 hours(s), 5 minute(s), and 45 seconds(s)
 
*****************
 
Rkill 2.7.0 by Lawrence Abrams (Grinler) => Error: No automatic fix found for this entry.
http://www.bleepingcomputer.com/ => Error: No automatic fix found for this entry.
Copyright 2008-2015 BleepingComputer.com => Error: No automatic fix found for this entry.
More Information about Rkill can be found at this link: => Error: No automatic fix found for this entry.
http://www.bleepingcomputer.com/forums/topic308364.html => Error: No automatic fix found for this entry.
Program started at: 03/22/2015 03:09:40 PM in x64 mode. => Error: No automatic fix found for this entry.
Windows Version: Windows 7 Ultimate Service Pack 1 => Error: No automatic fix found for this entry.
Checking for Windows services to stop: => Error: No automatic fix found for this entry.
* No malware services found to stop. => Error: No automatic fix found for this entry.
Checking for processes to terminate: => Error: No automatic fix found for this entry.
* C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 2480) [WD-HEUR] => Error: No automatic fix found for this entry.
* C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 2520) [WD-HEUR] => Error: No automatic fix found for this entry.
* C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe (PID: 4304) [UP-HEUR] => Error: No automatic fix found for this entry.
3 proccesses terminated! => Error: No automatic fix found for this entry.
Checking Registry for malware related settings: => Error: No automatic fix found for this entry.
* No issues found in the Registry. => Error: No automatic fix found for this entry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry. => Error: No automatic fix found for this entry.
Performing miscellaneous checks: => Error: No automatic fix found for this entry.
* No issues found. => Error: No automatic fix found for this entry.
Checking Windows Service Integrity: => Error: No automatic fix found for this entry.
* No issues found. => Error: No automatic fix found for this entry.
Searching for Missing Digital Signatures: => Error: No automatic fix found for this entry.
* No issues found. => Error: No automatic fix found for this entry.
Checking HOSTS File: => Error: No automatic fix found for this entry.
* Cannot edit the HOSTS file. => Error: No automatic fix found for this entry.
* Permissions Fixed. Administrators can now edit the HOSTS file. => Error: No automatic fix found for this entry.
* HOSTS file entries found: => Error: No automatic fix found for this entry.
20 out of 15494 HOSTS entries shown. => Error: No automatic fix found for this entry.
Please review HOSTS file for further entries. => Error: No automatic fix found for this entry.
Program finished at: 03/22/2015 03:15:26 PM => Error: No automatic fix found for this entry.
Execution time: 0 hours(s), 5 minute(s), and 45 seconds(s) => Error: No automatic fix found for this entry.
 
==== End of Fixlog 15:17:33 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by TWW (administrator) on TWW-OFFICE-PC on 22-03-2015 15:35:44
Running from D:\Users\TWW\Desktop\FRST
Loaded Profiles: TWW (Available profiles: TWW & HomeGroupUser$)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\assysctrlservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intuit Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\TWW\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
() C:\Program Files (x86)\DriveXpert\xsrvsetup.exe
(Centered Systems) C:\Program Files (x86)\Second Copy 8\seccopy.exe
() C:\Program Files (x86)\Backblaze\bzbui.exe
(Google Inc.) C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\dvmexportservice.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
() C:\Program Files (x86)\DriveXpert\DriveXpertSetup.exe
(Collobos Software) C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Macrovision                                                    ) C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Motorola) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(ASUS) C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ASUS) C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook64.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Backblaze\bzfilelist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Symantec) C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Symantec System Recovery 2013] => C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe [4157024 2013-12-15] (Symantec Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1702400 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [pdfFactory Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe [755200 2015-03-09] (FinePrint Software, LLC)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-01-12] (Intuit Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [PastaLeadsApplication] => C:\Program Files (x86)\pastaleads\PastaLeadsApplication.exe
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Google+ Auto Backup] => C:\Users\TWW\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Google Update] => C:\Users\TWW\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\seccopy.exe [3128616 2015-03-09] (Centered Systems)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2015-03-09] ()
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [MusicManager] => C:\Users\TWW\AppData\Local\Programs\Google\MusicManager\musicmanager.exe [7475200 2015-03-09] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Run: [GoogleChromeAutoLaunch_2C12F39044A2E90D6664679B1920B9E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: {1b8f8827-4bae-11df-89fe-000272a92924} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\MountPoints2: {25d542cd-4f9e-11df-b65b-000272a92924} - O:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [493672 2015-03-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\TWW\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-16] (LastPass)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2015-03-09] (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\bin\IPS\IPSBHO.DLL [2014-07-31] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-16] (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-16] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-16] (LastPass)
Toolbar: HKU\S-1-5-21-1527947827-942829161-1498061186-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.27/uploader2.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab
DPF: HKLM-x32 {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.1.9/UltraMJCamX.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://192.168.1.30/aplugLite.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: HKLM-x32 {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://backstagepass.disney.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
DPF: HKLM-x32 {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
ShellExecuteHooks-x32: Quick View Plus - ShellExecute Hook - {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\Windows\qvphook.dll [57344 2010-07-20] (Avantstar, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\TWW\AppData\Roaming\Mozilla\Firefox\Profiles\cuyr3qw6.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-16] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-16] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-03-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll No File
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-11-07] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @TRENDnet.com/CameraPlugin -> C:\Program Files (x86)\TRENDnet\Plugin\npcamstreamctrl.dll [2014-07-17] (TRENDnet)
FF Plugin-x32: @trendnet.com/trendnetcloud -> C:\Program Files (x86)\TRENDnet\npTRENDnetCloud.dll [2014-01-23] (TRENDnet)
FF Plugin-x32: @trendnet.com/TRENDnetCloudPlugin2 -> C:\Program Files (x86)\TRENDnetCloud2\Plugin\npTRENDnetCloud2.dll [2015-01-13] (TRENDnet)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\TWW\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\TWW\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @talk.google.com/O1DPlugin -> C:\Users\TWW\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @tools.google.com/Google Update;version=3 -> C:\Users\TWW\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1527947827-942829161-1498061186-1001: @tools.google.com/Google Update;version=9 -> C:\Users\TWW\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-03-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\TWW\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TWW\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: LastPass - C:\Users\TWW\AppData\Roaming\Mozilla\Firefox\Profiles\cuyr3qw6.default\Extensions\support@lastpass.com [2015-03-16]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-11-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\IPSFF [2015-03-06]
FF HKU\S-1-5-21-1527947827-942829161-1498061186-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332131&octid=EB_ORIGINAL_CTID&ISID=M071DC165-78C0-4EF6-A6A4-B911B763B7B1&SearchSource=55&CUI=&UM=8&UP=SPE5CD5470-1B9C-46E6-8541-AFDD76866ED6&SSPV=
CHR StartupUrls: Default -> "hxxp://www.netvibes.com/en#Welcome"
CHR Profile: C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Entanglement Web App) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
CHR Extension: (YouTube) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2015-03-16]
CHR Extension: (Google Search) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
CHR Extension: (Email this page (by Google)) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2015-03-16]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-03-16]
CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2015-03-16]
CHR Extension: (SnapPea Photos) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\epindigjbiphgfhnmlpcocaiafjgbabe [2015-03-16]
CHR Extension: (Google Play Music) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-03-16]
CHR Extension: (Keep Last Two Tabs) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnmaiiahjldikaollhjobhchdbhfhgf [2015-03-16]
CHR Extension: (Google Sheets) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-03-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-16]
CHR Extension: (Obvibase: a truly simple database) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoddinokjifhganfcgkjmkkngljebjdj [2015-03-16]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-03-16]
CHR Extension: (PDF to Word Converter App) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2015-03-16]
CHR Extension: (My Browser Page) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2015-03-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Poppit!) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-03-16]
CHR Extension: (iCloud Dashboard) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Print Friendly & PDF) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-03-16]
CHR Extension: (Gmail) - C:\Users\TWW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TWW\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-18]
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlfgjgjocindbigfeflefmjheagmnjob] - C:\Users\TWW\AppData\Local\CRE\hlfgjgjocindbigfeflefmjheagmnjob.crx [Not Found]
CHR HKU\S-1-5-21-1527947827-942829161-1498061186-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hlfgjgjocindbigfeflefmjheagmnjob] - C:\Users\TWW\AppData\Local\CRE\hlfgjgjocindbigfeflefmjheagmnjob.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2015-03-09] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2253016 2013-10-02] (Broadcom Corporation.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [234600 2015-03-09] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DriveXpert; C:\Program Files (x86)\DriveXpert\XSrvSetup.exe [69632 2015-03-09] () [File not signed]
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2015-03-09] (DeviceVM, Inc.) [File not signed]
R2 FingerPrint; C:\Program Files (x86)\FingerPrint\FingerPrintService.exe [2203416 2013-07-10] (Collobos Software)
S3 GenericMount Helper Service; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [1921808 2013-11-15] (Symantec)
S2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2015-03-09] (Silicondust USA Inc) [File not signed]
S3 HitmanPro37Crusader; D:\Users\TWW\Downloads\HitmanPro_x64.exe [10995632 2015-03-09] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [85184 2010-02-26] (Macrovision                                                    )
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-12-11] (Symantec Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-04-18] (LogMeIn, Inc.)
R2 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91392 2010-01-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin\ccSvcHst.exe [144496 2014-07-31] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\Smc.exe [2379128 2014-07-31] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\snac64.exe [335216 2014-07-31] (Symantec Corporation)
R2 Symantec System Recovery; C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [6192736 2013-12-15] (Symantec Corporation)
R3 SymTrackService; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackServicex64.exe [2979576 2013-12-14] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-01-30] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-02] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\BASHDefs\20150307.011\BHDrvx64.sys [1622744 2015-02-24] (Symantec Corporation)
R1 ccSettings_{690CFB39-3E68-4966-A470-3A946C640A12}; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\ccSetx64.sys [169048 2014-07-31] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-19] (Symantec Corporation)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2010-03-03] (ASUSTeK Computer Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-19] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [69208 2012-08-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\IPSDefs\20150320.011\IDSvia64.sys [637656 2015-03-05] (Symantec Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20150321.003\ENG64.SYS [129752 2015-02-19] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Data\Definitions\VirusDefs\20150321.003\EX64.SYS [2137304 2015-02-19] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-19] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows ® Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSP64.SYS [867032 2014-07-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SRTSPX64.SYS [36952 2014-07-31] (Symantec Corporation)
R0 SSRFsF; C:\Windows\System32\DRIVERS\SSRFsF.sys [28432 2013-12-14] (Symantec)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4112.4156.105\Bin64\SyDvCtrl64.sys [35432 2014-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMDS64.SYS [493656 2014-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMEFA64.SYS [1148120 2014-07-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\Ironx64.SYS [225496 2014-07-31] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011010\103C.105\x64\SYMNETS.SYS [437976 2014-07-31] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155472 2015-03-06] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [104472 2014-07-31] (Symantec Corporation)
R3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [File not signed]
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows ® Codename Longhorn DDK provider)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [22104 2013-11-07] (Symantec Corporation)
R0 VTrack; C:\Windows\System32\DRIVERS\VTrack.sys [350712 2013-12-14] (Symantec)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [30456 2012-05-04] (XOSLAB.COM)
S3 ATICDSDr; \??\C:\Users\TWW\AppData\Local\Temp\ATICDSDr.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U0 symsnap; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-21 18:25 - 2015-03-21 18:25 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FinePrint
2015-03-21 18:25 - 2015-03-05 18:36 - 00594624 ____N (FinePrint Software, LLC) C:\Windows\system32\fpmon8.dll
2015-03-21 18:25 - 2015-03-05 18:36 - 00492224 ____N (FinePrint Software, LLC) C:\Windows\system32\fpres8-x64.dll
2015-03-21 18:15 - 2015-03-22 15:26 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pdfFactory
2015-03-21 18:14 - 2015-03-05 18:40 - 00623296 ____N (FinePrint Software, LLC) C:\Windows\system32\fppmon5.dll
2015-03-21 18:14 - 2015-03-05 18:40 - 00432832 ____N (FinePrint Software, LLC) C:\Windows\system32\fppr5-x64.dll
2015-03-21 13:06 - 2015-03-21 13:06 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\15805
2015-03-20 09:33 - 2015-03-20 09:33 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\InstallShield
2015-03-16 15:59 - 2015-03-21 05:27 - 00002224 _____ () C:\Users\public\Desktop\Google Chrome.lnk
2015-03-16 15:59 - 2015-03-16 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-16 15:56 - 2015-03-16 15:57 - 00000000 ____D () C:\Users\TWW\AppData\Local\Deployment
2015-03-16 15:16 - 2015-03-16 15:16 - 00000000 ____D () C:\Users\TWW\Tracing
2015-03-13 11:07 - 2015-03-21 03:55 - 00000000 __SHD () C:\.VTrack
2015-03-13 11:07 - 2015-03-13 11:07 - 00004096 ___SH () C:\VTrackDiskControl.ctl
2015-03-13 10:45 - 2015-03-22 15:35 - 00000012 ____H () C:\dvmexp.idx
2015-03-13 10:33 - 2015-03-22 15:23 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-03-11 06:55 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:55 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:55 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:55 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:55 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:55 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:55 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:55 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:55 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:55 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:55 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:55 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:55 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:55 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:55 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:55 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:55 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:55 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:55 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:55 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:55 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:55 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:55 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:55 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:55 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:55 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:55 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:55 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:55 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:55 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:55 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:55 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:55 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:55 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:54 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:54 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:54 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:54 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:54 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:54 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:54 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:54 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:54 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:54 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:54 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:54 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:54 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:54 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:54 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:54 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:54 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:54 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:54 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:54 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 06:54 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 06:54 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:54 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 06:53 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:53 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:53 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:53 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:53 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:53 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:53 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:53 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:53 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:53 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:53 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:53 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:53 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:53 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:53 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:53 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:53 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:53 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:53 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:53 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:53 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:53 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:53 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:53 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:53 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:53 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:53 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:53 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:53 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:53 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:53 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:53 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:53 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:53 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:53 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:53 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:53 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:53 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:53 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:53 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:53 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:53 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:53 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:53 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:53 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:53 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:53 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:53 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:53 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:53 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:53 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:53 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:53 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:53 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:53 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:53 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:53 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:53 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:53 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:53 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:53 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00580096 _____ () C:\Windows\system32\ac3filter64.acm
2015-03-11 06:52 - 2015-03-11 06:52 - 00580096 _____ () C:\Windows\system32\ac3filter.acm
2015-03-11 06:52 - 2015-03-11 06:52 - 00227328 _____ () C:\Windows\system32\xvidvfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00136704 _____ () C:\Windows\system32\ff_vfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00108032 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-03-11 06:52 - 2015-03-11 06:52 - 00050688 _____ () C:\Windows\SysWOW64\ff_acm.acm
2015-03-10 15:39 - 2015-03-10 15:39 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\22366
2015-03-09 18:30 - 2015-03-09 18:30 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-09 18:30 - 2015-03-09 18:30 - 00000216 _____ () C:\Windows\system32\bootdelete.lst
2015-03-09 17:07 - 2015-03-09 17:07 - 00278528 ____N (FinePrint Software, LLC) C:\Windows\system32\fppmon3.dll
2015-03-09 17:07 - 2015-03-09 17:07 - 00065344 _____ () C:\Windows\system32\pdfredirectmon64.dll
2015-03-09 07:38 - 2015-03-09 07:38 - 00007482 _____ () C:\Windows\system32\.crusader
2015-03-09 07:25 - 2015-03-09 07:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-08 09:16 - 2015-03-08 09:18 - 00045382 _____ () C:\Windows\DPINST.LOG
2015-03-07 15:33 - 2015-03-22 15:36 - 00000000 ____D () C:\FRST
2015-03-06 14:04 - 2015-03-08 07:57 - 00000000 ____D () C:\ProgramData\Tuneup computer
2015-03-06 08:33 - 2015-03-06 08:33 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-03-06 08:33 - 2015-03-06 08:33 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-03-06 08:32 - 2015-03-06 08:32 - 00577392 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00462192 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00421232 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00363376 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00158576 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00155472 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2015-03-06 08:32 - 2015-03-06 08:32 - 00136560 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00057200 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00051056 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00045088 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2015-03-06 08:32 - 2015-03-06 08:32 - 00012656 _____ (Symantec Corporation) C:\Windows\system32\sysferThunk.dll
2015-03-06 08:32 - 2015-03-06 08:32 - 00011632 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysferThunk.dll
2015-03-06 08:31 - 2015-03-06 08:31 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2015-03-06 08:30 - 2015-03-06 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2015-03-06 08:30 - 2015-03-06 08:30 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2015-03-06 07:59 - 2014-03-04 06:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-06 07:22 - 2015-03-06 07:22 - 00003690 _____ () C:\Windows\System32\Tasks\boosterpop
2015-03-06 07:22 - 2015-03-06 07:22 - 00003688 _____ () C:\Windows\System32\Tasks\IEError
2015-03-06 07:22 - 2015-03-06 07:22 - 00003504 _____ () C:\Windows\System32\Tasks\AI_Updater
2015-03-06 07:21 - 2015-03-06 07:21 - 00000000 ____D () C:\Users\TWW\AppData\Local\PCTuner1
2015-03-05 08:31 - 2015-03-22 15:26 - 00005712 _____ () C:\Windows\setupact.log
2015-03-05 08:31 - 2015-03-22 15:22 - 00057340 _____ () C:\Windows\PFRO.log
2015-03-05 08:31 - 2015-03-05 08:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-05 08:22 - 2015-03-05 08:22 - 00000000 ____D () C:\ProgramData\COMODO
2015-03-04 20:22 - 2015-03-04 20:22 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2015-03-04 19:41 - 2015-03-04 19:42 - 00000000 ____D () C:\Program Files\Windows XP Mode
2015-03-03 15:50 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 15:50 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 15:50 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 15:50 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 09:47 - 2015-03-03 09:47 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\IBM
2015-03-03 09:47 - 2015-03-03 09:47 - 00000000 ____D () C:\ProgramData\IBM
2015-02-25 04:00 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:00 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 19:13 - 2015-03-03 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\Program Files\iTunes
2015-02-20 19:13 - 2015-02-20 19:13 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-22 15:37 - 2009-07-13 23:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-22 15:37 - 2009-07-13 23:45 - 00020816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-22 15:35 - 2012-01-22 13:54 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527947827-942829161-1498061186-1001UA.job
2015-03-22 15:33 - 2009-07-14 00:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 15:32 - 2014-10-11 06:48 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TWW-OFFICE-PC-TWW TWW-OFFICE-PC
2015-03-22 15:32 - 2012-12-28 16:24 - 00000000 ____D () C:\ProgramData\FingerPrintService
2015-03-22 15:27 - 2010-02-21 09:45 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Skype
2015-03-22 15:27 - 2010-02-19 00:48 - 00000000 ___HD () C:\temp
2015-03-22 15:26 - 2012-09-18 05:46 - 00000000 ___RD () C:\Users\TWW\Google Drive
2015-03-22 15:25 - 2014-10-14 20:00 - 00000000 ___RD () C:\Users\TWW\iCloudDrive
2015-03-22 15:25 - 2010-02-19 06:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 15:25 - 2010-02-19 06:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-22 15:23 - 2010-08-18 18:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-22 15:23 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 15:20 - 2014-05-07 17:42 - 01517049 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 15:19 - 2012-04-09 18:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-22 13:31 - 2012-01-20 13:27 - 00000000 ____D () C:\Users\TWW\Calibre Library
2015-03-22 13:30 - 2010-02-18 16:57 - 00000000 ____D () C:\Users\TWW
2015-03-22 07:53 - 2014-04-23 11:38 - 00000000 ____D () C:\Users\TWW\AppData\Local\CrashDumps
2015-03-21 17:35 - 2012-01-22 13:54 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1527947827-942829161-1498061186-1001Core.job
2015-03-21 17:03 - 2011-01-16 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-03-21 15:58 - 2011-09-21 18:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\vlc
2015-03-21 15:45 - 2012-07-05 13:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\dvdcss
2015-03-21 15:43 - 2010-10-17 11:00 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\HandBrake
2015-03-20 20:46 - 2011-10-01 14:55 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\.oit
2015-03-20 15:26 - 2010-02-19 17:31 - 00000000 ___RD () C:\Users\TWW\Virtual Machines
2015-03-20 15:16 - 2014-05-07 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-20 09:34 - 2010-02-19 00:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-16 20:46 - 2011-02-20 13:52 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-16 20:46 - 2011-02-20 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-16 20:46 - 2010-02-18 18:06 - 00001192 _____ () C:\Users\public\Desktop\My LastPass Vault.lnk
2015-03-16 20:46 - 2010-02-18 18:06 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-03-16 15:59 - 2010-02-19 01:24 - 00000000 ____D () C:\Users\TWW\AppData\Local\Google
2015-03-16 15:59 - 2010-02-19 00:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-16 15:56 - 2010-02-19 11:29 - 00000000 ____D () C:\Users\TWW\AppData\Local\Apps\2.0
2015-03-15 09:09 - 2015-02-13 04:24 - 00000020 _____ () C:\Users\TWW\AppData\Roaming\appdataFr3.bin
2015-03-15 07:28 - 2010-02-21 09:30 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-15 07:27 - 2010-02-21 09:30 - 00000000 ____D () C:\ProgramData\Skype
2015-03-13 17:18 - 2012-01-20 09:07 - 00001001 _____ () C:\Users\public\Desktop\calibre - E-book management.lnk
2015-03-13 17:18 - 2012-01-20 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-03-13 17:18 - 2012-01-20 09:07 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2015-03-13 15:01 - 2014-08-16 11:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 10:33 - 2010-02-19 00:24 - 00000000 ____D () C:\Program Files\Google
2015-03-13 10:27 - 2010-04-04 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TWW Utilities
2015-03-13 10:25 - 2010-03-01 18:49 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-13 10:12 - 2010-02-19 00:24 - 00000000 ____D () C:\ProgramData\Google
2015-03-13 09:47 - 2010-03-01 09:46 - 00007600 _____ () C:\Users\TWW\AppData\Local\resmon.resmoncfg
2015-03-12 06:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 04:09 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 03:58 - 2009-07-13 23:45 - 00462040 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:36 - 2014-05-04 13:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-12 03:36 - 2010-02-19 10:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:18 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 03:16 - 2013-07-10 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:07 - 2010-02-18 17:11 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:15 - 2015-02-15 13:14 - 00000000 ____D () C:\AdwCleaner
2015-03-11 06:52 - 2013-03-03 18:11 - 00000000 ____D () C:\Program Files\Handbrake
2015-03-11 06:52 - 2011-03-17 13:26 - 00000000 ____D () C:\Program Files (x86)\Exifer
2015-03-10 15:41 - 2014-07-06 23:04 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2015-03-10 07:16 - 2012-09-18 05:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-09 17:08 - 2014-07-13 15:21 - 00000000 ____D () C:\Program Files (x86)\Backblaze
2015-03-09 17:07 - 2013-10-07 13:30 - 00000000 ____D () C:\Program Files (x86)\Project1
2015-03-09 17:07 - 2012-03-19 06:38 - 00000000 ____D () C:\Program Files\Easy File Locker
2015-03-09 17:07 - 2010-09-10 15:25 - 00000000 ____D () C:\Program Files (x86)\Second Copy 8
2015-03-09 17:07 - 2010-02-18 23:35 - 00000000 ____D () C:\Program Files (x86)\DriveXpert
2015-03-09 07:38 - 2015-01-19 11:48 - 00000000 ____D () C:\ProgramData\{217c942c-82a6-a9a9-217c-c942c82a50b2}
2015-03-08 09:18 - 2013-02-03 10:08 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2015-03-08 09:18 - 2013-02-03 10:08 - 00000968 _____ () C:\Users\public\Desktop\VueScan x64.lnk
2015-03-08 09:18 - 2013-02-03 10:08 - 00000000 ____D () C:\Program Files\VueScan
2015-03-07 18:58 - 2014-05-07 11:43 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\TeamViewer
2015-03-06 14:58 - 2013-04-24 17:16 - 00000000 ____D () C:\ProgramData\Symantec
2015-03-06 13:24 - 2010-02-24 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2015-03-06 08:50 - 2009-07-14 00:08 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-06 08:33 - 2013-04-24 17:18 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-03-06 08:30 - 2013-04-24 17:19 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-03-06 08:04 - 2013-07-21 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-06 07:59 - 2010-08-18 22:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-06 07:57 - 2010-08-18 18:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-05 19:16 - 2014-10-04 15:10 - 00000000 ____D () C:\Users\TWW\AppData\Local\CloudStation
2015-03-05 16:15 - 2013-05-22 09:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-05 16:15 - 2010-09-04 08:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-05 16:15 - 2010-02-19 00:00 - 00000000 ____D () C:\Windows\pss
2015-03-05 16:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-05 16:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-05 16:05 - 2015-02-15 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-05 16:05 - 2014-02-22 10:13 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-05 10:34 - 2013-09-16 06:32 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\Wandoujia2
2015-03-05 10:06 - 2012-06-29 09:25 - 00450776 ____R () C:\Windows\system32\Drivers\etc\hosts.bad
2015-03-05 10:03 - 2010-02-24 17:24 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-05 09:55 - 2013-01-20 20:20 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-03-05 09:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-05 08:19 - 2013-10-18 07:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-05 08:19 - 2010-02-19 08:12 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-04 04:21 - 2012-12-28 16:24 - 00000000 ____D () C:\Users\TWW\AppData\Local\FingerPrint
2015-03-03 11:56 - 2012-11-23 15:35 - 00000000 ____D () C:\Users\TWW\AppData\Roaming\WindSolutions
2015-03-03 11:54 - 2012-11-23 15:35 - 00000000 ____D () C:\ProgramData\WindSolutions
2015-03-03 09:47 - 2010-02-18 16:57 - 00000000 ____D () C:\Users\TWW\AppData\Local\VirtualStore
2015-03-03 08:17 - 2010-02-18 17:10 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 00:32 - 2010-02-21 08:43 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 12:46 - 2013-03-02 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RootsMagic 6
2015-02-28 12:46 - 2013-03-02 21:02 - 00000000 ____D () C:\Program Files (x86)\RootsMagic 6
2015-02-24 17:39 - 2013-09-19 06:48 - 00000000 ___RD () C:\Users\TWW\Dropbox
2015-02-20 19:13 - 2014-10-15 20:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-20 19:13 - 2012-10-15 11:02 - 00001754 _____ () C:\Users\public\Desktop\iTunes.lnk
 
==================== Files in the root of some directories =======
 
2011-06-14 19:22 - 2011-06-14 19:22 - 0081408 _____ (Microsoft Corporation) C:\Program Files (x86)\taskkill.exe
2011-02-20 13:50 - 2015-03-16 20:46 - 14242360 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-13 04:24 - 2015-03-15 09:09 - 0000020 _____ () C:\Users\TWW\AppData\Roaming\appdataFr3.bin
2013-12-10 13:24 - 2013-12-10 13:24 - 0038490 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-06-03 12:24 - 2013-04-06 05:44 - 0038498 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-04-06 11:04 - 2013-04-05 23:58 - 0010118 _____ () C:\Users\TWW\AppData\Roaming\Comma Separated Values (Windows).CAL
2011-04-23 23:40 - 2014-03-02 11:01 - 0001007 _____ () C:\Users\TWW\AppData\Roaming\ConvAPIPlugin.log
2010-02-26 16:28 - 2013-05-13 11:14 - 0000209 _____ () C:\Users\TWW\AppData\Roaming\default.rss
2010-06-02 11:23 - 2010-06-02 11:23 - 0000000 _____ () C:\Users\TWW\AppData\Roaming\downloads.m3u
2010-10-17 12:55 - 2011-08-28 07:07 - 0099384 _____ () C:\Users\TWW\AppData\Roaming\inst.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\TWW\AppData\Roaming\LMGJ
2012-07-11 08:15 - 2012-07-11 08:15 - 0038426 _____ () C:\Users\TWW\AppData\Roaming\Microsoft Access 97-2003.ADR
2012-11-28 20:40 - 2012-11-28 20:48 - 0038485 _____ () C:\Users\TWW\AppData\Roaming\Microsoft Excel 97-2003.ADR
2010-10-17 12:55 - 2011-08-28 07:07 - 0007859 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.cat
2010-10-17 12:55 - 2011-08-28 07:07 - 0001167 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.inf
2010-10-17 12:56 - 2011-08-28 07:07 - 0000055 _____ () C:\Users\TWW\AppData\Roaming\pcouffin.log
2010-10-17 12:55 - 2011-08-28 07:07 - 0082816 _____ (VSO Software) C:\Users\TWW\AppData\Roaming\pcouffin.sys
2011-06-16 05:29 - 2011-06-16 05:31 - 0000077 _____ () C:\Users\TWW\AppData\Roaming\Rim.Desktop.Exception.log
2010-12-25 23:04 - 2012-04-06 18:00 - 0003174 _____ () C:\Users\TWW\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-04-08 13:53 - 2014-04-09 00:53 - 0000089 _____ () C:\Users\TWW\AppData\Roaming\WB.CFG
2010-04-13 19:48 - 2014-12-29 14:37 - 0215040 _____ () C:\Users\TWW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-14 14:21 - 2012-10-14 14:21 - 0000001 _____ () C:\Users\TWW\AppData\Local\llftool.4.25.agreement
2012-10-14 14:26 - 2012-10-14 14:26 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.1.02.agreement
2012-10-14 14:27 - 2012-10-14 14:27 - 0000022 _____ () C:\Users\TWW\AppData\Local\RawCopy.savedialog.dir
2012-10-14 14:27 - 2012-10-14 14:27 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.savedialog.filterindex
2012-10-14 14:26 - 2012-10-14 14:26 - 0000001 _____ () C:\Users\TWW\AppData\Local\RawCopy.sourcedisk.index
2010-03-01 09:46 - 2015-03-13 09:47 - 0007600 _____ () C:\Users\TWW\AppData\Local\resmon.resmoncfg
2011-11-28 23:19 - 2011-11-28 23:19 - 0000008 __RSH () C:\Users\TWW\AppData\Local\ℤ™☠
2014-03-06 17:46 - 2014-03-06 17:46 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-02-21 09:51 - 2010-02-21 09:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-03-22 13:42 - 2014-03-06 18:03 - 0014582 _____ () C:\ProgramData\hpzinstall.log
2011-11-19 17:06 - 2014-11-19 17:09 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-07-06 14:37 - 2012-07-07 10:53 - 0020531 ____H () C:\ProgramData\W77X4
 
Some content of TEMP:
====================
C:\Users\TWW\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TWW\AppData\Local\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 00:42
 
==================== End Of Log ============================
 




