
A Little Knowledge Can Be Dangerous


  • This topic is locked
8 replies to this topic

#1 JimConsidine


Posted 17 March 2015 - 11:04 PM

I am a devotee of Bleeping Computer and I use the myriad of virus/malware scanners/hunters. Lately, my laptop had been running so hot I was afraid it would melt. A lot of my maintenance programs (CC Cleaner & Defraggler) were having a hard time completing their tasks. I realized that I was infected and started running every Bleeping Computer security program that is in my arsenal. In addition, I use MBAM, Super Spyware, MS Security Essentials & MS Firewall.

As the old saying goes, even a blind squirrel finds a nut eventually. I eradicated a couple of infections. The thing is, I'm not convinced that I got them all.

I have all of the logs from my eradication process in case you want to see what was detected. I can tell you that MS Security Essentials quarantined "Backdoor:MSIL/Bladabindi".

After I ran "Autorun", it came up with a half dozen or so items; after cross-checking them on the internet, I am not sure if I am infected or not.

Here are the FARBAR logs as per the instructions. Thank you for your time and effort with this matter.

Jim Considine

------------------------------------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jim Considine (administrator) on JIMCONSIDINE-PC on 17-03-2015 23:08:46
Running from C:\Users\Jim Considine\Downloads
Loaded Profiles: Jim Considine (Available profiles: Jim Considine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\WRT\WRT Icon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Reason Software Company Inc.) C:\Users\Jim Considine\AppData\Roaming\Reason\Boost\boost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelWrtIcon] => C:\Program Files\Intel\WRT\WRT Icon Starter.exe [44544 2014-04-02] (Intel Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-05-14] ()
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
HKU\S-1-5-18\...\Run: [ctfmon.exe] => -
ShellIconOverlayIdentifiers: [000BoxDesktopFileLocked] -> {C253B817-3A00-475f-A5A3-6F2DD704B48D} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSynced] -> {19ACC806-F7AA-46AA-A80A-726A07CA6637} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopNotSyncedCollabs] -> {337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSynced] -> {B7AC9C6D-F15B-4B1A-A88D-F518D13861D9} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [000BoxDesktopSyncedCollab] -> {9E48C232-F601-4E41-BB3E-16CBAF317AA4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-08-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{76829097-6D12-4B0D-868D-96871D5980C4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{95DD779C-1371-4669-81CA-628457CAA794}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D788813B-E65A-4A83-8B8C-A40145BBFE24}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'PROXY%20127.0.0.1%3A49278'%3B%20%7D%20%2F*ZenMate*%2F"
FF NetworkProxy: "type", 2
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKU\S-1-5-21-3980735000-1117649075-3546456287-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jim Considine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3980735000-1117649075-3546456287-1000: @talk.google.com/O1DPlugin -> C:\Users\Jim Considine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jim Considine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jim Considine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\google-images.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\imdb.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\ixquick-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\kickassto.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\privatelee-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\startpage-ssl.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\thepiratebayorg.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\youtube.xml [2014-12-11]
FF Extension: Copy Plain Text 2 - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\copyplaintext@teo.pl.xpi [2014-11-26]
FF Extension: ZenMate Security &amp; Privacy VPN - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\firefox@zenmate.com.xpi [2014-11-26]
FF Extension: Google™ Translator - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2014-11-26]
FF Extension: AdBlock Lite - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2014-11-26]
FF Extension: YouTube™ Flash® Player - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-11-26]
FF Extension: AdBlock for Firefox - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2014-11-26]
FF Extension: YouTube™ HD Plus - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2014-11-26]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2014-11-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "https://mail.google.com/mail/u/0/?tab=wm#inbox", "https://www.google.com/calendar/render?pli=1", "chrome://newtab/"
CHR Profile: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NOAA NWS Weather Forecast) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoeeadahepglhaccmlflogngkgakfenj [2014-08-31]
CHR Extension: (Google Docs) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Ribbet! Photo Editor) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2014-07-29]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-10-17]
CHR Extension: (Adblock Plus) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-18]
CHR Extension: (Google Search) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Gmail Offline) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-02-10]
CHR Extension: (Tools for Google Maps™) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2014-12-18]
CHR Extension: (Photovisi - Photo Collage Maker) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\emkkfkcbnpdnhgeolpbggbdogfngiadf [2014-07-29]
CHR Extension: (Scribble Maps) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhoiddbgfhccnhnafghphdmlaofgeh [2014-12-18]
CHR Extension: (Green Tree [FVD]) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gghjhhgopnogfikfjgnmhcmddhhhdojj [2015-03-16]
CHR Extension: (YTB Video Downloader) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmaobacgiohnnblcpkicnghkhgaehdcf [2015-02-15]
CHR Extension: (Inoreader Cloud Reader - News, Blogs, Video) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhglljfmpijadbpkalkclnhlncncdono [2014-09-10]
CHR Extension: (NPR Infinite Player) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-07-29]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-07-29]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2015-03-16]
CHR Extension: (StartHQ) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilcpdgfepihaomggobhmfiimflngbcoh [2015-03-16]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2015-03-16]
CHR Extension: (Digital Photo Gallery) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefgmnencamogchjibmjbikfjhkkbgkh [2014-07-29]
CHR Extension: (Convert EPUB to MOBI (Kindle format)) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcichgcjcnjhkkaiglnobgopalkinhe [2014-07-29]
CHR Extension: (Alarm Clock Radio) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2014-07-29]
CHR Extension: (Google Play) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-07-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Faxinating.com, send fax online) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipglbbjfjjcifbelimhajebhdakahdd [2014-10-17]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-03-16]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-29]
CHR Extension: (Google Drawings) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-02-10]
CHR Extension: (Ghostery) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-10]
CHR Extension: (OneDrive) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-07-29]
CHR Extension: (Google Wallet) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (piZap Photo Editor) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2014-07-29]
CHR Extension: (Map Your List) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkpanimdijkpkiphodlebaadipofkhb [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JIMCON~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fbdcdnbcndinbnlandfinodnfcodgabl] - C:\Users\Jim Considine\AppData\Local\CRE\fbdcdnbcndinbnlandfinodnfcodgabl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fbdcdnbcndinbnlandfinodnfcodgabl] - C:\Users\Jim Considine\AppData\Local\CRE\fbdcdnbcndinbnlandfinodnfcodgabl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-10-30] (Digiarty Software, Inc.)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2008-09-16] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2009-02-27] (Sierra Wireless Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 23:09 - 2015-03-17 23:09 - 00000002 _____ () C:\Users\Jim Considine\Downloads\ExcludeDictionaryFR040c.lex.dic
2015-03-17 22:41 - 2015-03-17 23:08 - 00061644 _____ () C:\Users\Jim Considine\Downloads\Addition.txt
2015-03-17 22:40 - 2015-03-17 23:09 - 00027735 _____ () C:\Users\Jim Considine\Downloads\FRST.txt
2015-03-17 22:34 - 2015-03-17 22:34 - 02095616 _____ (Farbar) C:\Users\Jim Considine\Downloads\FRST64.exe
2015-03-16 21:02 - 2015-03-16 21:02 - 00000854 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-03-16 20:59 - 2015-03-16 21:01 - 00000000 ___DC () C:\Program Files\GIMP 2
2015-03-16 15:00 - 2015-03-16 15:00 - 00000000 ____D () C:\Users\Jim Considine\Downloads\New folder
2015-03-16 14:59 - 2015-03-16 15:00 - 00000000 ____D () C:\Users\Jim Considine\Downloads\INSTALL BOOST
2015-03-16 14:02 - 2015-03-16 18:21 - 00003994 _____ () C:\Windows\System32\Tasks\Boost
2015-03-16 14:00 - 2015-03-16 14:00 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Reason
2015-03-16 14:00 - 2015-03-16 14:00 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
2015-03-16 13:09 - 2015-03-16 14:00 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-16 13:09 - 2015-03-16 13:09 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2015-03-16 13:09 - 2015-03-16 13:09 - 00000000 ____D () C:\Program Files (x86)\Reason
2015-03-14 21:11 - 2015-03-14 21:11 - 00000000 ____D () C:\Users\Jim Considine\Downloads\INFINITY NEW TAB PAGE
2015-03-14 14:23 - 2015-03-14 14:33 - 00000000 ____D () C:\Windows\pss
2015-03-14 14:22 - 2015-03-14 14:22 - 00001232 _____ () C:\Users\Jim Considine\Documents\cc_20150314_142207.reg
2015-03-14 12:49 - 2015-03-14 12:49 - 00028016 ____C () C:\ComboFix.txt
2015-03-14 05:59 - 2015-03-14 05:59 - 00012842 _____ () C:\Users\Jim Considine\Documents\cc_20150314_055912.reg
2015-03-14 05:32 - 2015-03-14 05:37 - 00030080 _____ () C:\Users\Jim Considine\Documents\cc_20150314_052903.reg
2015-03-14 05:12 - 2015-03-16 20:39 - 00243624 _____ () C:\Users\Jim Considine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-14 05:11 - 2015-03-16 23:46 - 00681784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 00:50 - 2015-03-13 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-03-13 00:50 - 2015-03-13 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-13 00:48 - 2015-03-13 00:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-03-13 00:48 - 2015-03-13 00:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-03-13 00:44 - 2015-03-13 00:44 - 00000000 ___DC () C:\Program Files\Microsoft Office
2015-03-13 00:44 - 2015-03-13 00:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-03-13 00:43 - 2015-03-13 00:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-13 00:42 - 2015-03-13 00:42 - 00000000 __RDC () C:\MSOCache
2015-03-12 23:39 - 2015-03-13 00:26 - 00000000 ____D () C:\ProgramData\{49c4070c-c488-931f-49c4-4070cc481c33}
2015-03-12 23:28 - 2015-03-16 18:21 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-12 22:45 - 2015-03-12 22:45 - 00000000 ____D () C:\ProgramData\{9d412e31-8763-3ac7-9d41-12e31876b8c6}
2015-03-11 09:13 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:13 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 19:57 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 19:57 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 19:57 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 19:57 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 19:57 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 19:57 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 19:57 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 19:57 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 19:57 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 19:57 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 19:57 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 19:57 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 19:57 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 19:57 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 19:57 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 19:57 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 19:57 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 19:57 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 19:57 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 19:57 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 19:57 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 19:57 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 19:57 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 19:57 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 19:57 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 19:57 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 19:57 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 19:57 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 19:57 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 19:57 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 19:57 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 19:57 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 19:57 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 19:57 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 19:57 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 19:57 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 19:57 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 19:57 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 19:56 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 19:56 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 19:56 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 19:56 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 19:56 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 19:56 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 19:56 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 19:56 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 19:56 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 19:56 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 19:56 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 19:56 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 19:56 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 19:56 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 19:56 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 19:56 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 19:56 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:56 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 19:56 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 19:56 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 19:56 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 19:56 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 19:56 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 19:55 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 19:55 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 19:51 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 19:51 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 19:51 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 19:51 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 19:51 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 19:51 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 19:51 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 19:51 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:51 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 19:51 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:51 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 19:51 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 19:51 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 19:51 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:51 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:51 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 19:51 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 19:51 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:51 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 19:51 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 19:51 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 19:51 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:51 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 19:51 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 19:51 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 19:51 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 19:51 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 19:51 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:51 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 19:51 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 19:51 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 19:51 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 19:51 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 19:51 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 19:51 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:51 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 19:51 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:51 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:51 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 19:51 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 19:51 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 19:51 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 19:51 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 19:51 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 19:51 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:51 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 19:51 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 19:51 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 19:51 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 19:51 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 19:51 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 19:50 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:50 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:50 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 19:50 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 19:50 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:50 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 19:50 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 19:50 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 02:44 - 2015-03-10 02:45 - 00000000 __SHD () C:\ProgramData\JIMCONSIDINE-PC
2015-03-08 13:53 - 2015-03-12 23:56 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\MindGems
2015-03-08 11:59 - 2015-03-08 11:59 - 00000000 ____D () C:\Users\Jim Considine\Downloads\SEARCH MY FILES
2015-03-08 11:00 - 2015-03-08 11:00 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\PDF Writer
2015-03-08 11:00 - 2015-03-08 11:00 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\PDF Writer
2015-03-08 10:56 - 2015-03-08 10:58 - 00000000 ____D () C:\ProgramData\PDF Writer
2015-03-08 10:56 - 2015-03-08 10:56 - 00000000 ___DC () C:\Program Files\Common Files\Bullzip
2015-03-08 10:56 - 2015-03-08 10:56 - 00000000 ___DC () C:\Program Files\Bullzip
2015-03-08 10:56 - 2015-03-08 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
2015-03-08 10:56 - 2014-11-19 09:08 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll
2015-03-08 10:56 - 2013-09-01 06:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx
2015-03-08 10:56 - 2013-07-13 06:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx
2015-03-08 10:56 - 2013-07-12 16:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx
2015-03-08 10:56 - 2013-04-05 07:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx
2015-03-08 10:56 - 2013-03-28 17:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx
2015-03-08 10:56 - 2013-03-03 08:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx
2015-03-08 10:56 - 2008-07-09 09:08 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll
2015-03-03 18:01 - 2015-03-03 18:01 - 00000000 _____ () C:\Users\Jim Considine\Sti_Trace.log
2015-03-01 21:57 - 2015-03-01 21:57 - 00010658 _____ () C:\Users\Jim Considine\Documents\cc_20150301_205714.reg
2015-02-25 13:02 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:02 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 11:35 - 2015-02-25 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-02-21 06:33 - 2015-03-14 11:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-21 06:25 - 2015-02-21 21:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-02-21 06:25 - 2015-02-21 15:56 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-21 04:48 - 2015-02-21 20:36 - 00000000 ___DC () C:\SUPERDelete
2015-02-21 04:04 - 2015-03-17 23:08 - 00000000 ___DC () C:\FRST
2015-02-21 03:35 - 2015-02-21 03:35 - 00000000 ___DC () C:\Program Files\CPUID
2015-02-21 02:55 - 2015-02-21 02:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-21 00:57 - 2015-02-21 00:57 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\SUPERAntiSpyware.com
2015-02-21 00:56 - 2015-03-10 11:22 - 00000000 ___DC () C:\Program Files\SUPERAntiSpyware
2015-02-21 00:56 - 2015-02-21 00:56 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-21 00:56 - 2015-02-21 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-19 01:06 - 2015-03-11 09:59 - 00000000 ___DC () C:\AdwCleaner
2015-02-18 14:31 - 2015-02-18 14:32 - 00000000 ____D () C:\Users\Jim Considine\Documents\EVERNOTE
2015-02-18 07:05 - 2015-02-18 07:06 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\uTorrent
2015-02-17 23:46 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 23:46 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 23:46 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 23:46 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-17 20:25 - 2015-03-16 23:35 - 00000000 ____D () C:\Users\Jim Considine\Downloads\YOU TUBE DOWNLOADER + ACTIVATOR
2015-02-15 17:53 - 2015-02-15 17:53 - 00000000 ___DC () C:\OutputFolder
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-17 22:25 - 2014-12-20 15:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 21:54 - 2014-06-20 13:42 - 01386545 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 21:40 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 21:40 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 21:34 - 2014-11-20 20:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 21:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 20:16 - 2012-06-18 15:06 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\PhotoScape
2015-03-17 13:35 - 2014-05-04 15:41 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\vlc
2015-03-16 23:47 - 2014-08-30 23:59 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA.job
2015-03-16 23:47 - 2014-08-30 23:59 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core.job
2015-03-16 23:47 - 2012-06-10 11:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 23:47 - 2012-06-10 11:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 20:34 - 2014-03-28 13:47 - 00000000 ____D () C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM
2015-03-16 19:48 - 2013-09-30 22:25 - 00002992 _____ () C:\Windows\System32\Tasks\{247847D9-A7C2-4D39-BC5F-42104EC5BF44}
2015-03-16 19:44 - 2013-09-30 22:25 - 00002992 _____ () C:\Windows\System32\Tasks\{FCC197B6-8953-43F0-9A27-9057F449B917}
2015-03-16 19:39 - 2014-12-20 15:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 19:31 - 2014-08-30 23:59 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA
2015-03-16 18:21 - 2014-08-30 23:59 - 00003546 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core
2015-03-16 18:21 - 2014-04-15 12:19 - 00002790 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-16 18:21 - 2012-06-10 11:52 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-16 18:21 - 2012-06-10 11:52 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-16 15:01 - 2014-04-13 15:29 - 00000000 ____D () C:\Users\Jim Considine\Downloads\SHOULD I REMOVE IT
2015-03-16 14:59 - 2014-04-09 15:43 - 00000000 ____D () C:\Users\Jim Considine\Downloads\DEFRAGGLER
2015-03-16 13:56 - 2012-06-08 21:31 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-16 13:31 - 2014-12-16 14:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-15 20:36 - 2014-01-23 20:37 - 00000000 ____D () C:\Program Files\Defraggler
2015-03-14 17:57 - 2014-10-30 15:04 - 00001890 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-03-14 15:22 - 2012-09-17 09:19 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-14 14:29 - 2014-08-23 10:50 - 00003280 _____ () C:\Windows\System32\Tasks\{6014E729-EAD0-4112-AB8C-5B0F1BADD37F}
2015-03-14 14:26 - 2013-09-23 17:11 - 00003258 _____ () C:\Windows\System32\Tasks\{0C23116F-3B6B-416D-BBC7-3B25B85CED48}
2015-03-14 14:25 - 2013-03-20 09:46 - 00003272 _____ () C:\Windows\System32\Tasks\{75DBA38B-DEF7-4F5F-A05F-1E0A267F109E}
2015-03-14 14:25 - 2012-11-15 13:02 - 00003346 _____ () C:\Windows\System32\Tasks\{CECDFBDA-88CF-488D-AADB-940C33CA7CBE}
2015-03-14 12:49 - 2014-07-29 20:37 - 00000000 ___DC () C:\Qoobox
2015-03-14 12:41 - 2009-07-13 22:34 - 00000215 ____C () C:\Windows\system.ini
2015-03-14 12:02 - 2012-06-08 19:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-14 11:03 - 2014-11-20 20:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-14 05:48 - 2012-06-09 11:35 - 00000000 ____D () C:\Windows\RegisteredPackages
2015-03-14 01:19 - 2014-03-04 20:59 - 00001664 _____ () C:\Users\Jim Considine\AppData\Roaming\burnaware.ini
2015-03-13 01:36 - 2014-02-26 01:39 - 00783650 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-13 01:36 - 2009-07-14 01:13 - 00783650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 00:49 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-13 00:48 - 2014-01-12 01:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-13 00:48 - 2012-06-08 19:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-13 00:48 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2015-03-13 00:45 - 2009-07-13 23:20 - 00000000 ___DC () C:\Program Files\Common Files\Microsoft Shared
2015-03-13 00:44 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-13 00:26 - 2012-07-05 19:33 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-12 23:31 - 2014-07-25 19:28 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-03-12 23:24 - 2014-09-17 12:56 - 00000000 ____D () C:\Users\Jim Considine\Downloads\MS OFFICE PRO PLUS 2010 SP2 VL x64 SEP 2014
2015-03-12 23:22 - 2014-07-25 18:53 - 00000000 ____D () C:\Users\Jim Considine\Downloads\MS OFFICE PRO SP1 2013
2015-03-11 23:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 16:36 - 2014-10-26 03:41 - 00000000 ___RD () C:\Users\Jim Considine\Documents\PDF
2015-03-11 15:01 - 2012-06-20 08:27 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Nitro PDF
2015-03-11 14:52 - 2012-06-08 19:13 - 00000000 ____D () C:\Users\Jim Considine
2015-03-11 09:34 - 2013-06-27 17:35 - 00000000 ____D () C:\Users\Jim Considine\Downloads\CC CLEANER
2015-03-11 04:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 04:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:56 - 2002-05-01 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:48 - 2012-06-15 08:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 12:33 - 2012-06-23 15:17 - 00000000 ___RD () C:\Users\Jim Considine\Documents\WORD
2015-03-10 12:28 - 2014-09-24 20:17 - 00000000 ___RD () C:\Users\Jim Considine\Documents\SPORTS DOCS, PDF, MUSIC & XLS
2015-03-09 22:27 - 2012-06-10 08:40 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\Apps\2.0
2015-03-09 02:26 - 2013-09-30 00:09 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\SoulseekQt
2015-03-08 13:00 - 2014-12-17 19:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-06 21:36 - 2014-12-03 14:23 - 00000000 ___RD () C:\Users\Jim Considine\Documents\Outlook Files
2015-03-06 16:31 - 2014-12-19 18:55 - 00000000 ____D () C:\Users\Jim Considine\Downloads\NET ADAPTOR REPAIR
2015-03-05 20:39 - 2013-11-13 19:44 - 00000000 ____D () C:\Windows\Minidump
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 21:48 - 2014-04-15 12:18 - 00000000 ___DC () C:\Program Files\CCleaner
2015-03-01 00:24 - 2013-03-28 11:32 - 00000000 ___RD () C:\Users\Jim Considine\Documents\EXCEL
2015-02-28 18:41 - 2012-06-23 16:25 - 00000000 ____D () C:\Users\Jim Considine\PhotoDraw V2 Disc 2
2015-02-27 03:14 - 2014-12-18 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel WRT
2015-02-25 11:39 - 2013-12-31 13:44 - 00000000 ____D () C:\Users\Jim Considine\Downloads\BIT TORRENT
2015-02-25 11:35 - 2015-02-10 03:19 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-02-23 17:26 - 2015-02-07 22:43 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Mp3tag
2015-02-23 12:59 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-21 20:59 - 2015-02-12 16:06 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\qBittorrent
2015-02-21 20:59 - 2015-02-07 16:58 - 00000000 ___DC () C:\Program Files\AudioShell
2015-02-21 20:59 - 2014-07-29 20:36 - 00000000 ____D () C:\Windows\erdnt
2015-02-21 20:59 - 2014-03-27 12:30 - 00000000 ____D () C:\Program Files (x86)\Movie Subtitles Searcher
2015-02-21 20:59 - 2013-10-14 01:05 - 00000000 ____D () C:\Users\Jim Considine\AppData\Roaming\Winamp
2015-02-21 20:59 - 2012-11-12 11:00 - 00000000 ___DC () C:\Program Files\Box Sync
2015-02-21 20:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-18 14:16 - 2012-06-08 21:28 - 00000000 ___DC () C:\Intel
2015-02-18 01:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 04:00 - 2014-12-17 19:44 - 00000000 ___DC () C:\Program Files\Intel
2015-02-17 04:00 - 2012-06-08 21:54 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\Mozilla
2015-02-17 04:00 - 2012-06-08 19:16 - 00000000 ____D () C:\Users\Jim Considine\AppData\Local\Microsoft Help
2015-02-17 04:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-16 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-03-04 20:59 - 2015-03-14 01:19 - 0001664 _____ () C:\Users\Jim Considine\AppData\Roaming\burnaware.ini
2013-10-06 14:15 - 2014-08-11 12:10 - 0038524 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-11-10 17:49 - 2014-08-11 11:55 - 0013052 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-07-29 17:48 - 2014-08-11 12:38 - 0009413 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).EML
2012-10-07 15:35 - 2013-10-06 14:22 - 0038521 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-01-09 12:08 - 2014-07-01 00:42 - 0011410 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).CAL
2014-07-29 17:29 - 2014-07-29 17:40 - 0009410 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).EML
2014-10-10 21:21 - 2014-10-10 21:21 - 0000422 _____ () C:\Users\Jim Considine\AppData\Roaming\KForCE.cfg
2013-10-10 11:29 - 2013-12-15 01:14 - 0000114 _____ () C:\Users\Jim Considine\AppData\Roaming\mbam.context.scan
2013-08-19 16:56 - 2013-08-19 16:56 - 0000104 _____ () C:\Users\Jim Considine\AppData\Roaming\settings.xml
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\AtStart.txt
2013-02-25 19:41 - 2013-12-18 19:05 - 0009216 _____ () C:\Users\Jim Considine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\DSwitch.txt
2012-11-29 16:31 - 2012-11-29 17:27 - 0000084 _____ () C:\Users\Jim Considine\AppData\Local\DVDPATH.TXT
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\QSwitch.txt
2014-09-05 17:49 - 2014-09-05 17:49 - 0011000 _____ () C:\Users\Jim Considine\AppData\Local\recently-used.xbel
2014-05-31 12:27 - 2014-05-31 12:27 - 0003331 _____ () C:\Users\Jim Considine\AppData\Local\recently-used.xbel.WQUSGX
2012-09-08 11:51 - 2014-12-18 02:33 - 0007613 _____ () C:\Users\Jim Considine\AppData\Local\resmon.resmoncfg
2014-09-07 03:57 - 2014-09-07 03:57 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\{B958DC36-3B6F-4138-BA39-553D6A52007C}
2012-06-08 21:48 - 2013-07-27 07:32 - 0000290 _____ () C:\ProgramData\hpqp.ini
2012-06-10 10:45 - 2014-08-02 23:37 - 0000021 _____ () C:\ProgramData\hpqp.txt
2014-10-30 15:04 - 2015-03-14 17:57 - 0001890 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-11-20 17:30 - 2012-11-20 17:30 - 0004140 _____ () C:\ProgramData\mtbjfghn.xbe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-15 00:26
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jim Considine at 2015-03-17 23:07:48
Running from C:\Users\Jim Considine\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.65 - Hulubulu Software)
Amazon Cloud Player (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioShell 2.1 (HKLM\...\AudioShell_is1) (Version: 2.1 - Softpointer Inc)
Boost (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.)
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden
Box Sync (64 bit) (HKLM\...\{C1135974-554F-476D-B04F-0B79CFE49364}) (Version: 3.4.25.0 - Box, Inc)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
BurnAware Free 7.1 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre (HKLM-x32\...\{735C603C-B068-44E3-8711-826A5953057C}) (Version: 2.11.0 - Kovid Goyal)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
FormatFactory 3.3.4.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM\...\{3465C52B-A3F8-4FCF-B321-28BCE2A33F99}) (Version: 3.1.21.46 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.385.1020 (HKLM\...\{8E41AB47-4814-46E5-B72E-B7DBDE112070}) (Version: 3.5.385.1020 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Greenfish Icon Editor Pro 3.31 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.2.6908 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Intel@ Wireless Reporting Tool (HKLM\...\Intel Wireless Reporting Tool) (Version: 4.2.0.0 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1033-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.0820 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
Music Manager (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\MusicManager) (Version:  - Google, Inc.)
Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Should I Remove It (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
update (x32 Version: 2.00.0000 - Your Company Name) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinX DVD Copy Pro 3.6.4 (HKLM\...\WinX DVD Copy Pro_is1) (Version:  - Digiarty Software,Inc.)
WinX Video Converter 4.2.1 (HKLM-x32\...\WinX Video Converter_is1) (Version:  - Digiarty Software,Inc.)
WinX YouTube Downloader 3.2.2 (HKLM-x32\...\WinX YouTube Downloader_is1) (Version:  - Digiarty Software, Inc.)
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.505 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.3 - Corel Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
16-03-2015 13:05:54 Installed Should I Remove It
16-03-2015 13:22:00 Revo Uninstaller's restore point - Tweaking.com - Windows Repair (All in One)
16-03-2015 13:41:39 Revo Uninstaller's restore point - HP Advisor
16-03-2015 13:43:46 Removed HP Advisor.
16-03-2015 13:59:36 Installed Boost
16-03-2015 14:05:53 Before Boost
16-03-2015 23:34:33 Microsoft Antimalware Checkpoint
17-03-2015 21:48:49 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-03-14 12:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02E9531D-655C-4B6A-B1B5-8F9455B8A2FD} - System32\Tasks\{F24AAC10-4845-4704-AB80-7C87ECA86FD1} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\sp47546.exe" -d "C:\Users\Jim Considine\Downloads"
Task: {076A92B5-53CA-4959-ADB9-7B6464564651} - System32\Tasks\{75DBA38B-DEF7-4F5F-A05F-1E0A267F109E} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\BCPL WIFI PRINT\clientlauncher.exe" -d "C:\Users\Jim Considine\Downloads\BCPL WIFI PRINT"
Task: {0AFC2B4A-01D4-4ABF-B30C-0891BD2A8601} - System32\Tasks\{FCC197B6-8953-43F0-9A27-9057F449B917} => C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe [2013-11-07] ()
Task: {0BED4290-B9C5-4EB9-B36F-D3295B374F82} - System32\Tasks\{4779146C-F8C0-441C-AAC8-DB07B2182B0F} => pcalua.exe -a "C:\Users\Jim Considine\AppData\Local\Temp\ENGLISH\SETUP.EXE" -d "C:\Users\Jim Considine\AppData\Local\Temp\ENGLISH"
Task: {1CFE5A05-C96A-4509-AEB2-4CCE32194510} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {1FB26E1E-EC7E-453C-8E28-871738CDE597} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {35CF5264-35EE-4F54-98C8-3671207F2954} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {49B0D2B5-635E-4826-A6E1-8AA0CE29DBF2} - System32\Tasks\{861B9405-4671-48B8-BD28-E16507043FB2} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /InstallExcelAddin 1
Task: {59009B52-CAE5-436E-AA60-5C5BB68A165B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom No Task File <==== ATTENTION
Task: {75A7466D-8452-421F-AB26-16B1E0B806E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {773BBA28-6462-4AFF-B95F-C809996D36D6} - System32\Tasks\{9F4FCAA5-1514-484C-AC09-EB455BF3D8E9} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-08-23] (Microsoft Corporation)
Task: {7E18836B-FD1C-45AE-BF19-E1AABE29C98D} - System32\Tasks\{CB1E3069-BFFC-487E-BEB0-CDD4D346786D} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-08-23] (Microsoft Corporation)
Task: {85ADEDCC-1E2E-4625-AA21-30F08F9F325E} - System32\Tasks\Boost => C:\Users\Jim Considine\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.)
Task: {870499D3-A8C9-40C6-83FE-2C4306C5EBCB} - System32\Tasks\{2F46E43C-2071-4611-904F-4EF09D5E2B07} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /InstallWordAddin 1
Task: {99E97C03-3D59-4EBE-8047-41AB62DD3B63} - System32\Tasks\{E0EA54FA-C9CF-45EF-8BEF-8749EDDF8215} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /UninstallPowerPointAddin 1
Task: {AACECFB8-B6AE-40C7-BD96-F4F03911E18D} - System32\Tasks\{CECDFBDA-88CF-488D-AADB-940C33CA7CBE} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\CANON POWERSHOT A40\A40WI410EN\ENGLISH\SETUP.EXE" -d "C:\Users\Jim Considine\Downloads\CANON POWERSHOT A40\A40WI410EN\ENGLISH"
Task: {AB033AC2-40CA-4EB0-BDD9-21979D90411C} - System32\Tasks\{0E33B858-3B00-4857-B5C6-A7205E72D00D} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-08-23] (Microsoft Corporation)
Task: {AC2CAB82-BC47-47F2-BA32-601877258F89} - System32\Tasks\{6075EF55-3E98-418B-9A61-9BA4F4E24D83} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-08-23] (Microsoft Corporation)
Task: {B5A83209-A979-41FD-A782-E1BDA7AEEA59} - System32\Tasks\{247847D9-A7C2-4D39-BC5F-42104EC5BF44} => C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe [2013-11-07] ()
Task: {C22AA911-4B03-4AB7-BF5C-724D9D75A0A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {D4F7579E-9815-4908-996A-51E1BB6223B4} - System32\Tasks\{C606327F-8474-4BD3-98AE-DFB29072CE10} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\HP DRIVERS FOR INTEL PROSET\sp47546.exe" -d "C:\Users\Jim Considine\Downloads\HP DRIVERS FOR INTEL PROSET"
Task: {D63B553B-31E9-4CEC-AB5E-36DED40EFC52} - System32\Tasks\{0C23116F-3B6B-416D-BBC7-3B25B85CED48} => pcalua.exe -a C:\Users\JIMCON~1\AppData\Local\Temp\dlm6DB4.tmp\iconst7p.exe -d "C:\Users\Jim Considine\Downloads\ICON COOL STUDIO"
Task: {E9DFB55B-7258-4E4B-B3CB-AB4EEA9B756C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {EA0645FE-70F5-4253-8CFF-96A956EF5008} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-03-12] ()
Task: {EAB70206-527B-4061-AB7B-661613BAEEC1} - System32\Tasks\{6014E729-EAD0-4112-AB8C-5B0F1BADD37F} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\IMAGE ANALYZER\AdvancedFiltersPlugin.exe" -d "C:\Users\Jim Considine\Downloads\IMAGE ANALYZER"
Task: {EB466230-5538-443E-8B55-BA4A371D6197} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {FA576457-E062-427A-A829-0F96DC95AB81} - System32\Tasks\{7297F33A-B535-4AEA-972F-2C0BF936769C} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\CANNON SCANNER\lide60vst6411111a_64en\SetupSG.exe" -d "C:\Users\Jim Considine\Downloads\CANNON SCANNER\lide60vst6411111a_64en"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core.job => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA.job => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 ____C () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 ____C () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-02 06:11 - 2014-04-02 06:11 - 00022016 ____C () C:\Program Files\Intel\WRT\PerformanceDebugger.dll
2015-03-12 06:38 - 2015-03-07 01:57 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-12 06:38 - 2015-03-07 01:57 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-12 06:38 - 2015-03-07 01:57 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3980735000-1117649075-3546456287-500 - Administrator - Disabled)
Guest (S-1-5-21-3980735000-1117649075-3546456287-501 - Limited - Disabled)
Jim Considine (S-1-5-21-3980735000-1117649075-3546456287-1000 - Administrator - Enabled) => C:\Users\Jim Considine
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2015 09:33:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/17/2015 09:32:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/17/2015 02:51:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoScape.exe, version: 1.0.0.1302, time stamp: 0x54106fd0
Faulting module name: PhotoScape.exe, version: 1.0.0.1302, time stamp: 0x54106fd0
Exception code: 0xc0000005
Fault offset: 0x000f6f9f
Faulting process id: 0x16c
Faulting application start time: 0xPhotoScape.exe0
Faulting application path: PhotoScape.exe1
Faulting module path: PhotoScape.exe2
Report Id: PhotoScape.exe3
 
Error: (03/17/2015 09:50:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/17/2015 09:48:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/16/2015 11:48:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/16/2015 11:46:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (03/16/2015 01:57:11 PM) (Source: MsiInstaller) (EventID: 11500) (User: JimConsidine-PC)
Description: Product: Boost -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (03/16/2015 01:56:51 PM) (Source: MsiInstaller) (EventID: 11500) (User: JimConsidine-PC)
Description: Product: Boost -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
 
Error: (03/16/2015 03:32:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/17/2015 09:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqwmiex service failed to start due to the following error: 
%%1053
 
Error: (03/17/2015 09:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
 
Error: (03/17/2015 09:59:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (03/17/2015 09:59:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (03/17/2015 09:49:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqwmiex service failed to start due to the following error: 
%%1053
 
Error: (03/17/2015 09:49:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
 
Error: (03/16/2015 11:57:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (03/16/2015 11:57:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (03/16/2015 11:47:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpqwmiex service failed to start due to the following error: 
%%1053
 
Error: (03/16/2015 11:47:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (03/17/2015 09:33:55 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/17/2015 09:32:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/17/2015 02:51:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PhotoScape.exe1.0.0.130254106fd0PhotoScape.exe1.0.0.130254106fd0c0000005000f6f9f16c01d060da80201baaC:\Program Files (x86)\PhotoScape\PhotoScape.exeC:\Program Files (x86)\PhotoScape\PhotoScape.exe95db71f5-ccd6-11e4-8d63-00262db143b5
 
Error: (03/17/2015 09:50:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/17/2015 09:48:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/16/2015 11:48:39 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/16/2015 11:46:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (03/16/2015 01:57:11 PM) (Source: MsiInstaller) (EventID: 11500) (User: JimConsidine-PC)
Description: Product: Boost -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (03/16/2015 01:56:51 PM) (Source: MsiInstaller) (EventID: 11500) (User: JimConsidine-PC)
Description: Product: Boost -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (03/16/2015 03:32:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-14 12:40:40.159
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 12:40:40.065
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 12:40:39.972
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-14 12:40:39.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-28 15:29:30.581
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-28 15:29:30.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-28 15:29:30.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-28 15:29:30.269
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-21 14:00:46.335
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-21 14:00:46.241
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 66%
Total physical RAM: 3003.19 MB
Available physical RAM: 1005.37 MB
Total Pagefile: 6004.57 MB
Available Pagefile: 3160.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:135.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C2DA5CF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:31 PM

Posted 21 March 2015 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

(Reason Software Company Inc.) C:\Users\Jim Considine\AppData\Roaming\Reason\Boost\boost.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [ctfmon.exe] => -
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\ixquick-https.xml [2014-12-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Extension: (Ghostery) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-10]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JIMCON~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fbdcdnbcndinbnlandfinodnfcodgabl] - C:\Users\Jim Considine\AppData\Local\CRE\fbdcdnbcndinbnlandfinodnfcodgabl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fbdcdnbcndinbnlandfinodnfcodgabl] - C:\Users\Jim Considine\AppData\Local\CRE\fbdcdnbcndinbnlandfinodnfcodgabl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom No Task File <==== ATTENTION
C:\Users\Jim Considine\AppData\Roaming\Reason\Boost

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 JimConsidine

Posted 22 March 2015 - 08:43 PM

Since I submitted this request, I have cleaned out quite a few "infections". 

  1. The first step was to run Adware Cleaner  .... here are the results:
# AdwCleaner v4.112 - Logfile created 18/03/2015 at 21:39:32
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jim Considine - JIMCONSIDINE-PC
# Running from : C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM\APPLICATIONS\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.31
Folder Deleted : C:\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
Folder Deleted : C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.89
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [864 bytes] - [19/02/2015 01:07:09]
AdwCleaner[R1].txt - [984 bytes] - [21/02/2015 00:00:03]
AdwCleaner[R2].txt - [2222 bytes] - [07/03/2015 15:40:18]
AdwCleaner[R3].txt - [2301 bytes] - [11/03/2015 09:45:39]
AdwCleaner[R4].txt - [1768 bytes] - [18/03/2015 21:04:30]
AdwCleaner[S0].txt - [929 bytes] - [19/02/2015 01:24:04]
AdwCleaner[S1].txt - [1049 bytes] - [21/02/2015 00:27:51]
AdwCleaner[S2].txt - [4486 bytes] - [07/03/2015 15:45:03]
AdwCleaner[S3].txt - [4565 bytes] - [11/03/2015 09:59:26]
AdwCleaner[S4].txt - [1703 bytes] - [18/03/2015 21:39:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1762  bytes] ##########
 
======================================================================================================
 
 

2. I found the computer running VERY sluggishly yesterday (3/21/15). I took the following steps:

 

  • Ran the MS Security Essentials Scan. It found a "severe" infection, a backdoor trojan named Backdoor.MSIL/Bladabindi. (It came with a "You Tube downloader application"; this was deleted several months ago.)

3.  The next step was to run my weekly maintenance of CC Cleaner (a cleaning and a registry repair).  I follow this with "Defraggler" which I ran twice. I also take this time to run "Revo Uninstaller" and appraise which programs I am no longer using and might be wasting space. 

 

4.  This morning, the computer was still running poorly. 

  • I ran Combo Repair (I'll supply the log if you would like to see it)
  • Then I ran ESET scanner which came up with a gaggle of infections (to follow)
C:\Users\All Users\{49c4070c-c488-931f-49c4-4070cc481c33}\Microsoft Office 2010 Latest Crack is Here ! (Microsoft Toolkit).exe a variant of Win32/Adware.MultiPlug.FQ application
C:\Users\All Users\{9d412e31-8763-3ac7-9d41-12e31876b8c6}\Microsoft Office 2010 Latest Crack is Here ! (Microsoft Toolkit).exe a variant of Win32/Adware.MultiPlug.FQ application
C:\ProgramData\{49c4070c-c488-931f-49c4-4070cc481c33}\Microsoft Office 2010 Latest Crack is Here ! (Microsoft Toolkit).exe a variant of Win32/Adware.MultiPlug.FQ application cleaned by deleting - quarantined
C:\ProgramData\{9d412e31-8763-3ac7-9d41-12e31876b8c6}\Microsoft Office 2010 Latest Crack is Here ! (Microsoft Toolkit).exe a variant of Win32/Adware.MultiPlug.FQ application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jim Considine.exe.vir Win32/CoinMiner.CW trojan cleaned by deleting - quarantined
C:\Users\Jim Considine\Downloads\AUDIO VIDEO COMPONENT\avc-free.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\BURN AWARE\burnaware_free.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup418.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup501.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\CC CLEANER\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jim Considine\Downloads\DEFRAGGLER\dfsetup219.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
======================================
 
Then I went to Bleeping computer where I found your reply.
 
Jim Considine

 



#4 nasdaq

Posted 23 March 2015 - 07:32 AM

Did you run my fix?

How is the computer running now?

#5 nasdaq

Posted 29 March 2015 - 08:43 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 JimConsidine

Posted 29 March 2015 - 01:22 PM

I am here. 

I am not convinced that I am thoroughly disinfected.

Would you mind if I ran a diagnostic report of your choice so that you can appraise the situation? Once we commit to this, I will not do anything else until I hear back from you. 

Jim



#7 nasdaq

Posted 29 March 2015 - 01:33 PM

Before I suggest any other tool, what is the current problem?

#8 nasdaq

Posted 03 April 2015 - 07:39 AM

Are you still with me?

#9 nasdaq

Posted 09 April 2015 - 08:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



