Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Leftover Conduit Entry


  • This topic is locked This topic is locked
14 replies to this topic

#1 Draclvr

Draclvr

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 19 March 2015 - 09:55 AM

This is not a big deal, but after cleaning up a mildly infected computer with Malwarebytes Professional, AdwCleaner and HitmanPro, I find I still have a running process for SearchProtect when I checked in Task Manager for anything else.  It is not showing it's using a lot of resources, but it is there.  The entry is located in the System 32 file.  I hesitate to remove anything from that file...
 
Should I leave well enough alone or delete it?  Thanks!

Edit: Topic moved from General Security to the more appropriate forum. ~ Animal

Edit: Topic moved from Am I Infected forum to the more appropriate forum. At the request of Malware Removal team member. ~ Animal

BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 19 March 2015 - 01:40 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 21 March 2015 - 10:13 AM

Thank you so much for your reply, Jürgen.  I do not have the computer at this time as the owner needed it to complete some work.  I will get it back from her and run these scans as soon as possible, but it may be several days.  I will get back to you in this thread as soon as I have it back.

 

I do a lot of this kind of work too, but my "fee" is a bottle of wine!


Edited by Draclvr, 21 March 2015 - 10:33 AM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 21 March 2015 - 10:24 AM

I will get back to you in this thread as soon as I have it back.

OK. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 26 March 2015 - 11:11 PM

Jürgen, I'm still here.  My friend's mother passed away yesterday, so I won't be able to get the computer until later this weekend.  I saw her at the funeral home and told me it suddenly stopped connecting to the internet again, so I'm sure there is still something going on.  I hope to get the laptop from her later this weekend after the funeral.

 

Hang in there with me!



#6 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 28 March 2015 - 04:22 PM

OK. Got the laptop today.  Here are the two Farbar logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Belinda (administrator) on BELINDA-PC on 28-03-2015 16:16:38
Running from C:\Users\Belinda\Downloads
Loaded Profiles: Belinda (Available profiles: Belinda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_134_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\...\MountPoints2: {6f15e8bd-9155-11de-b9ba-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\...\MountPoints2: {72663a16-213d-11df-9d94-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50
HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {22348997-7FD7-4759-AB9D-EB2B7A365617} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> {DF502C3D-EFE6-4222-9D04-F6621B0E6B56} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-31] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-31] (Google Inc.)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll [2009-06-08] (AOL Products)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-27] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-31] (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-31] (Google Inc.)
Toolbar: HKU\S-1-5-21-4250258325-1562067111-3671703038-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Tcpip\Parameters: [DhcpNameServer] 10.10.10.10 10.10.10.11 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-08-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-20]
FF HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-26]
CHR Extension: (500px) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2014-10-26]
CHR Extension: (TechSmith Snagit) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2014-10-26]
CHR Extension: (Murder Files) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf [2014-10-26]
CHR Extension: (Spelunky HTML5) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2014-10-26]
CHR Extension: (SiriusXM) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-11-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-10-08] (support.com, Inc)
S1 cjgectld; \??\C:\Windows\system32\drivers\cjgectld.sys [X]
U4 eabfiltr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 16:16 - 2015-03-28 16:17 - 00021034 _____ () C:\Users\Belinda\Downloads\FRST.txt
2015-03-28 16:16 - 2015-03-28 16:16 - 00000000 ____D () C:\FRST
2015-03-28 16:15 - 2015-03-28 16:15 - 02095616 _____ (Farbar) C:\Users\Belinda\Downloads\FRST64.exe
2015-03-27 23:24 - 2015-03-27 23:24 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{FFB975F9-E8C7-4ECA-ACC6-E65EA45712F6}
2015-03-26 10:38 - 2015-03-26 10:38 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{25FB6273-DE07-448C-9895-10B644644B45}
2015-03-25 20:15 - 2015-03-25 20:15 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{43442BC2-EB97-48F5-9551-BD1DFFD81DD5}
2015-03-25 20:00 - 2015-03-25 20:00 - 00001936 _____ () C:\Users\Belinda\Desktop\Mom photos - Shortcut.lnk
2015-03-25 20:00 - 2015-03-25 20:00 - 00001914 _____ () C:\Users\Belinda\Documents\Mom photos - Shortcut.lnk
2015-03-25 19:59 - 2015-03-26 08:02 - 00000000 ____D () C:\Users\Belinda\Documents\Mom photos
2015-03-25 08:14 - 2015-03-25 08:15 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{2229ADE9-B95F-4662-8B5B-9EAFFCCE7660}
2015-03-24 19:54 - 2015-03-24 19:55 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{89FEEF47-C4C1-4F1D-82FB-B9FAF858F7EB}
2015-03-22 20:29 - 2015-03-22 20:29 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{BD64B373-9D53-40AA-BA5A-609403C9349B}
2015-03-22 08:28 - 2015-03-22 08:29 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{5111B338-84DE-4786-A0C2-47F2DCF86DE0}
2015-03-21 08:52 - 2015-03-21 08:53 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{DCD987CC-B5C5-4D9F-965F-D9D48C859CAD}
2015-03-20 20:12 - 2015-03-20 20:12 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{C86E042F-7F76-41D1-B82A-2501EA9D23C9}
2015-03-20 08:10 - 2015-03-20 08:10 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{51450489-8311-44F6-AC2E-B2DA215C636A}
2015-03-18 18:48 - 2015-03-18 18:48 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{954154E7-EB9B-4EE3-AABD-1B58F9D51F62}
2015-03-18 16:22 - 2015-03-18 16:22 - 00000000 ____D () C:\Users\Belinda\Documents\Book of Unwritten Tales
2015-03-18 16:20 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-03-18 16:20 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-03-18 16:20 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-03-18 16:20 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-03-18 16:20 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-03-18 16:20 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-03-18 16:20 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-03-18 16:20 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-03-18 16:20 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-03-18 16:20 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-18 16:20 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-03-18 16:20 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-03-18 16:20 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-03-18 16:20 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-03-18 16:20 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-03-18 16:20 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-03-18 16:20 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-03-18 16:20 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-03-18 16:20 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-03-18 16:20 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-03-18 16:20 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-03-18 16:20 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-03-18 16:20 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-03-18 16:20 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-03-18 16:20 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-03-18 16:20 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-03-18 16:19 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-03-18 16:19 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-03-18 16:19 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-03-18 16:19 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-03-18 16:19 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-03-18 16:19 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-03-18 16:19 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-03-18 16:19 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-03-18 16:19 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-03-18 16:19 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-03-18 16:19 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-03-18 16:19 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-03-18 16:19 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-03-18 16:19 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-03-18 16:19 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-03-18 16:19 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-03-18 16:19 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-03-18 16:19 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-03-18 16:19 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-03-18 16:19 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-03-18 16:19 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-03-18 16:19 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-03-18 16:19 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-03-18 16:19 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-03-18 16:19 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-03-18 16:19 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-03-18 16:19 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-03-18 16:19 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-03-18 16:19 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-03-18 16:19 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-03-18 16:19 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-03-18 16:19 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-03-18 16:19 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-03-18 16:19 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-03-18 16:19 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-03-18 16:19 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-03-18 16:19 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-03-18 16:19 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-03-18 16:19 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-03-18 16:19 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-03-18 16:19 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-03-18 16:19 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-03-18 16:19 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-03-18 16:19 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-03-18 16:19 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-03-18 16:19 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-03-18 16:19 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-03-18 16:19 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-03-18 16:19 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-03-18 16:19 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-03-18 16:19 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-03-18 16:19 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-03-18 16:19 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-03-18 16:19 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-03-18 16:19 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-03-18 16:19 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-03-18 16:19 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-03-18 16:19 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-03-18 16:19 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-03-18 16:19 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-03-18 16:19 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-03-18 16:19 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-03-18 16:19 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-03-18 16:19 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-03-18 16:19 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-03-18 16:19 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-03-18 16:19 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-18 16:19 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-03-18 16:19 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-03-18 16:19 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-03-18 16:19 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-03-18 16:19 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-03-18 16:19 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-03-18 16:19 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-03-18 16:19 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-03-18 16:18 - 2015-03-18 16:19 - 00010269 _____ () C:\Windows\DirectX.log
2015-03-18 16:18 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-03-18 16:18 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-03-18 16:18 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-03-18 16:18 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-03-18 16:18 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-03-18 16:18 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-03-18 16:18 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-03-18 16:18 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-03-18 16:18 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-03-18 16:18 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-03-18 16:18 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-03-18 16:17 - 2015-03-18 16:17 - 00001092 _____ () C:\Users\Belinda\Desktop\The Book of Unwritten Tales.lnk
2015-03-18 16:17 - 2015-03-18 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales
2015-03-18 16:05 - 2015-03-18 16:06 - 00000000 ____D () C:\Program Files (x86)\Book of Unwritten Tales
2015-03-18 14:50 - 2015-03-18 14:50 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-18 14:49 - 2015-03-18 14:49 - 00002800 _____ () C:\Windows\system32\.crusader
2015-03-18 14:25 - 2015-03-18 14:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-18 14:01 - 2015-03-18 14:01 - 00002221 _____ () C:\Users\Belinda\Desktop\HP Support Assistant.lnk
2015-03-18 14:01 - 2015-03-18 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-03-18 13:56 - 2015-03-18 13:56 - 00000000 ____D () C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-03-17 22:40 - 2015-03-17 22:40 - 00000820 _____ () C:\Windows\PFRO.log
2015-03-17 22:39 - 2015-03-28 16:07 - 00004032 _____ () C:\Windows\setupact.log
2015-03-17 22:39 - 2015-03-17 22:39 - 00000000 ____D () C:\Windows\pss
2015-03-17 22:39 - 2015-03-17 22:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-17 22:06 - 2015-03-17 22:06 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-17 22:06 - 2015-03-17 22:06 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-17 22:06 - 2015-03-17 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-17 22:06 - 2015-03-17 22:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-17 22:04 - 2015-03-17 22:04 - 05325696 _____ (Piriform Ltd) C:\Users\Belinda\Downloads\ccsetup503.exe
2015-03-17 21:09 - 2015-03-17 21:09 - 00019796 _____ () C:\Users\Belinda\Documents\AdwCleaner[S0].txt
2015-03-17 21:00 - 2015-03-18 14:06 - 00000000 ____D () C:\AdwCleaner
2015-03-15 19:42 - 2015-03-15 19:42 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{65419B75-8A0D-425C-A533-A927786B2540}
2015-03-15 18:42 - 2015-03-15 18:42 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{566D3C07-FEE8-4A3C-83FE-F8A49AEA6EC8}
2015-03-14 08:36 - 2015-03-14 08:36 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{0F58A25E-5788-4FBF-B2CF-ADCD344DB7C3}
2015-03-13 20:54 - 2015-03-13 20:54 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{FECFDDFC-83C9-41E1-9E0C-9CBD7B7069AA}
2015-03-12 21:51 - 2015-03-12 21:51 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{2EB0B197-5D96-4DAA-A261-A0EDE6D9C236}
2015-03-10 19:38 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 19:38 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 19:38 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 19:38 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 19:38 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 19:38 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 19:38 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 19:38 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 19:38 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 19:38 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 19:37 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 19:37 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 19:37 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 19:37 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 19:37 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 19:37 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 19:37 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 19:37 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 19:37 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 19:37 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 19:37 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 19:37 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 19:37 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 19:37 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 19:37 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 19:37 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 19:37 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 19:37 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 19:37 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 19:37 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 19:37 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 19:37 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 19:37 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 19:37 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 19:37 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 19:37 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 19:36 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 19:36 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 19:36 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 19:36 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 19:36 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 19:36 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 19:36 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 19:36 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 19:36 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 19:36 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 19:36 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 19:36 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 19:36 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 19:36 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 19:36 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 19:36 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 19:36 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 19:36 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 19:36 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 19:36 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 19:35 - 2015-03-10 19:35 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{4679E2CA-569B-4E14-B617-31F9C4D0427F}
2015-03-10 19:35 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 19:35 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 19:35 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 19:35 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 19:35 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 19:35 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 19:35 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 19:35 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 19:35 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 19:35 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 19:35 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 19:35 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 19:35 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 19:35 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 19:35 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 19:35 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 19:35 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 19:35 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 19:35 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 19:35 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 19:35 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 19:35 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 19:35 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 19:35 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 19:35 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 19:35 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 19:35 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 19:35 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 19:35 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 19:35 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 19:35 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 19:35 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 19:35 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 19:35 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 19:35 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 19:35 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 19:35 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 19:35 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 19:35 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 19:35 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 19:35 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 19:35 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 19:35 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 19:35 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 19:35 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 19:35 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 19:35 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 19:35 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 19:35 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 19:35 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 19:35 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 19:35 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 19:35 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 19:35 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 19:35 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 19:35 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 19:35 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 19:35 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 19:35 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 19:35 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 19:35 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 19:33 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 19:33 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 07:34 - 2015-03-10 07:34 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{F5D23907-56BF-4067-BE0C-0D3AB2AEF232}
2015-03-09 15:33 - 2015-03-09 15:33 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{EFD2CACA-2615-43B4-8C54-8C135BB66EFC}
2015-03-07 10:21 - 2015-03-07 10:21 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{E9BD46A1-9A78-4C6D-9FEB-BE88B2C7CB83}
2015-03-06 16:49 - 2015-03-06 16:49 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{F32D80C6-6788-48E6-90AB-763979EF6057}
2015-03-05 20:14 - 2015-03-05 20:14 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{3DE4D1CE-8B51-434D-A117-63D7D5557BE4}
2015-03-05 02:22 - 2015-03-05 02:22 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{D0FB7D37-CC89-4A89-B9E5-7B521C1EE7A0}
2015-03-04 07:33 - 2015-03-04 07:33 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{292B3005-E2E5-4380-AD7C-AA979019EB07}
2015-03-03 19:17 - 2015-03-03 19:17 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{09EA3D9C-3CE9-41E7-AE82-77FDF1029C3E}
2015-03-03 07:01 - 2015-03-03 07:01 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{4F81CEC9-590D-4E88-9440-898EC3F80577}
2015-03-02 15:51 - 2015-03-02 15:51 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{7DC536F9-A015-49CD-95EB-B33B32CD6EB7}
2015-03-01 21:20 - 2015-03-01 21:20 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{3268C8E1-8B48-47CE-8DB1-F720862CA93F}
2015-03-01 09:13 - 2015-03-01 09:20 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{710FCD6E-F096-45BA-A366-63F5C836E3EB}
2015-02-28 14:58 - 2015-02-28 14:59 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{D53534F7-4B99-40A4-89DD-0727E4C2B450}
2015-02-27 19:21 - 2015-02-27 19:21 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{9405095F-44C9-4B31-9011-332776A12ABA}
2015-02-26 20:36 - 2015-02-26 20:36 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{D727EB7A-2B67-4986-8096-34C61EB93E43}
2015-02-26 08:34 - 2015-02-26 08:34 - 00000000 ____D () C:\Users\Belinda\AppData\Local\{D5729F59-2B55-4B3F-9D0E-87513679BA86}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 16:15 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 16:15 - 2009-07-13 23:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 16:14 - 2009-07-14 00:13 - 00788704 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 16:13 - 2014-10-12 10:57 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBelinda
2015-03-28 16:13 - 2014-10-12 10:57 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBelinda.job
2015-03-28 16:13 - 2009-08-25 03:41 - 01405489 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 16:12 - 2009-12-07 20:02 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{90890ACD-5C79-43D8-B19E-D3DAC48DABC4}
2015-03-28 16:08 - 2014-12-23 22:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 16:07 - 2010-04-07 20:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 16:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 09:24 - 2012-02-28 22:12 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-28 09:24 - 2010-04-07 20:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 08:54 - 2012-04-09 14:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 13:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-24 20:29 - 2014-12-23 22:00 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 20:29 - 2014-12-23 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-24 20:29 - 2014-12-23 22:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-18 16:21 - 2010-07-31 11:22 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-03-18 16:21 - 2010-07-31 11:22 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-03-18 16:21 - 2010-07-31 11:22 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-03-18 16:21 - 2010-07-31 11:22 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-03-18 14:01 - 2009-08-09 02:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-18 14:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-03-18 13:57 - 2009-08-09 01:58 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-18 13:55 - 2009-08-09 02:01 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-18 13:54 - 2009-07-16 18:15 - 00000000 ____D () C:\SwSetup
2015-03-18 07:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-17 22:43 - 2009-11-30 06:43 - 00085088 _____ () C:\Users\Belinda\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 22:40 - 2009-07-13 23:45 - 00350608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-17 22:36 - 2009-11-30 22:58 - 00000000 ____D () C:\Users\Belinda\Tracing
2015-03-17 22:35 - 2015-02-16 06:08 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 22:35 - 2009-07-25 01:11 - 00000000 ____D () C:\Windows\Panther
2015-03-17 20:39 - 2009-11-30 06:37 - 00000000 ____D () C:\Users\Belinda
2015-03-17 06:15 - 2014-12-23 22:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-12-23 22:00 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-12-23 22:00 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 20:52 - 2010-01-18 19:51 - 00000000 ____D () C:\Users\Belinda\AppData\Roaming\Skype
2015-03-13 19:25 - 2009-12-03 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-13 11:50 - 2012-04-09 14:22 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 11:50 - 2012-04-09 14:22 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 11:50 - 2011-06-23 20:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 11:49 - 2014-08-29 18:39 - 00000000 ____D () C:\Users\Belinda\AppData\Local\Adobe
2015-03-12 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 22:18 - 2009-12-03 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 22:11 - 2013-08-13 22:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 22:04 - 2010-03-21 20:30 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-03 08:17 - 2009-11-30 22:54 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 09:28 - 2011-01-26 18:06 - 00781318 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-26 08:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2011-03-04 18:52 - 2011-07-20 06:50 - 0001854 _____ () C:\Users\Belinda\AppData\Roaming\GhostObjGAFix.xml
2009-11-30 06:54 - 2009-11-30 06:54 - 0000000 _____ () C:\Users\Belinda\AppData\Local\AtStart.txt
2009-11-30 06:54 - 2009-11-30 06:54 - 0000000 _____ () C:\Users\Belinda\AppData\Local\DSwitch.txt
2009-11-30 06:54 - 2009-11-30 06:54 - 0000000 _____ () C:\Users\Belinda\AppData\Local\QSwitch.txt
2014-10-27 19:38 - 2014-10-27 19:38 - 0007597 _____ () C:\Users\Belinda\AppData\Local\Resmon.ResmonCfg
2013-01-21 18:25 - 2013-01-21 18:25 - 1897296 _____ () C:\Users\Belinda\AppData\Local\tmp12-8-2004 (3)-01.0
2013-01-21 18:25 - 2013-01-21 18:25 - 0482629 _____ () C:\Users\Belinda\AppData\Local\tmp12-8-2004 (3)-01.JPG
2011-04-10 11:23 - 2011-04-10 11:23 - 1768657 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-008-2A_003.0
2011-04-10 11:23 - 2011-04-10 11:23 - 0417757 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-008-2A_003.1
2011-04-10 11:23 - 2011-04-10 11:23 - 0418885 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-008-2A_003.JPG
2011-04-10 11:24 - 2011-04-10 11:24 - 1398190 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-010-3A_004.0
2011-04-10 11:24 - 2011-04-10 11:24 - 0287679 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-010-3A_004.1
2011-04-10 11:24 - 2011-04-10 11:24 - 0288048 _____ () C:\Users\Belinda\AppData\Local\tmp391784-R1-010-3A_004.JPG
2009-12-20 17:10 - 2009-12-20 17:09 - 0202165 _____ () C:\Users\Belinda\AppData\Local\tmpATT00094.0
2009-12-20 17:10 - 2009-12-20 17:10 - 0202170 _____ () C:\Users\Belinda\AppData\Local\tmpATT00094.JPG
2013-01-21 18:21 - 2013-01-21 18:21 - 0753035 _____ () C:\Users\Belinda\AppData\Local\tmpCHERYL.0
2013-01-21 18:21 - 2013-01-21 18:21 - 0620186 _____ () C:\Users\Belinda\AppData\Local\tmpCHERYL.JPG
2013-01-21 18:10 - 2013-01-21 18:10 - 0271327 _____ () C:\Users\Belinda\AppData\Local\tmpTHE GIRLS AT BIAS WINERY.0
2013-01-21 18:10 - 2013-01-21 18:10 - 0204430 _____ () C:\Users\Belinda\AppData\Local\tmpTHE GIRLS AT BIAS WINERY.JPG
2013-01-21 18:15 - 2013-01-21 18:15 - 0635454 _____ () C:\Users\Belinda\AppData\Local\tmpTRACIE ON BAR AT LEGION.0
2013-01-21 18:15 - 2013-01-21 18:15 - 0485310 _____ () C:\Users\Belinda\AppData\Local\tmpTRACIE ON BAR AT LEGION.JPG
2013-01-21 18:15 - 2013-01-21 18:15 - 0741335 _____ () C:\Users\Belinda\AppData\Local\tmpTRACIE ON BAR.0
2013-01-21 18:15 - 2013-01-21 18:15 - 0564518 _____ () C:\Users\Belinda\AppData\Local\tmpTRACIE ON BAR.JPG
2014-09-15 18:33 - 2014-09-15 18:33 - 0000000 _____ () C:\Users\Belinda\AppData\Local\{846AE27B-EA70-4935-B425-2FDA762053C4}
2009-11-30 06:54 - 2015-03-28 16:08 - 0000188 _____ () C:\ProgramData\HPWALog.txt
2009-12-20 15:50 - 2009-12-20 15:50 - 0000365 _____ () C:\ProgramData\hpzinstall.log
2012-11-27 17:19 - 2012-11-27 17:31 - 0027142 _____ () C:\ProgramData\xportnchk.ini
2009-08-25 04:17 - 2009-08-25 04:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-09 03:42 - 2009-08-09 03:43 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-08-25 04:16 - 2009-08-25 04:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-09 03:36 - 2009-08-09 03:38 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-08-25 04:16 - 2009-08-25 04:16 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-08-25 04:16 - 2009-08-25 04:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-09 03:35 - 2009-08-09 03:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-09 03:38 - 2009-08-09 03:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-08-25 04:17 - 2009-08-25 04:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\Belinda\AppData\Local\Temp\Quarantine.exe
C:\Users\Belinda\AppData\Local\Temp\sqlite3.dll
C:\Users\Belinda\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-28 03:05

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Belinda at 2015-03-28 16:18:25
Running from C:\Users\Belinda\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{83715090-142B-D305-36EC-7538A007D336}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bejeweled 3 (HKLM-x32\...\BFG-Bejeweled 3) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bluebeard's Castle (HKLM-x32\...\BFG-Bluebeard's Castle) (Version:  - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.18.12 - Broadcom Corporation)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Charlaine Harris: Dying for Daylight (HKLM-x32\...\BFG-Dying_for_Daylight) (Version:  - )
Christmas Eve 3D Screensaver 1.0 (HKLM-x32\...\Christmas Eve 3D Screensaver_is1) (Version:  - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
Fishdom2 (HKLM-x32\...\Fishdom2_is1) (Version:  - Playrix Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
H&R Block Basic + Efile 2010 (HKLM-x32\...\{FD2B3CFD-AFBD-4944-A79D-407CB3C24110}) (Version: 10.02.6402 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.6901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Missouri 2010 (HKLM-x32\...\{8A792FD8-0E1C-4A6D-B958-3C8D684D080E}) (Version: 1.10.2401 - HRB Technology, LLC.)
H&R Block Missouri 2011 (HKLM-x32\...\{1EFF5E76-04E7-4CCB-BFBE-65C2607D1B82}) (Version: 1.11.3201 - HRB Technology, LLC.)
H&R Block Missouri 2012 (HKLM-x32\...\{3E5B5F09-2EF2-425A-A5A6-CFC3A225012F}) (Version: 1.12.3701 - HRB Technology, LLC.)
H&R Block Missouri 2013 (HKLM-x32\...\{0B1B73A6-4DE4-49BD-A484-D2A0582AB78C}) (Version: 1.13.4401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version:  - )
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
Hope Lake (HKLM-x32\...\BFG-Hope Lake) (Version:  - )
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{474A8F3F-863A-4FCC-91F0-47A61E06FEC9}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{855D3D91-0743-4B75-B469-D45FF68D42BB}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations Powered by RocketLife)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HP User Guides 0154 (HKLM-x32\...\{B51605BF-6326-4553-AE96-6D7F1813D5F5}) (Version: 1.01.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6230.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jigs@w Puzzle 2 (HKLM-x32\...\BFG-Jigs@w Puzzle 2) (Version:  - )
Jigsaw World (HKLM-x32\...\BFG-Jigsaw World) (Version:  - )
Jigsaws Galore (HKLM-x32\...\BFG-Jigsaws Galore) (Version:  - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kuros Bundle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11805620}) (Version:  - Oberon Media)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{7EACD74C-147F-478C-9389-F9F52EE3C88A}) (Version: 1.18.10.2 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files&reg;: Shadow Lake (HKLM-x32\...\BFG-Mystery Case Files - Shadow Lake) (Version:  - )
Mystery Case Files: Fate's Carnival Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - Fates Carnival Collectors Edition) (Version:  - )
Mystika 2: The Sanctuary (HKLM-x32\...\BFG-Mystika 2 - The Sanctuary) (Version:  - )
Nevertales: The Beauty Within Collector's Edition (HKLM-x32\...\BFG-Nevertales - The Beauty Within Collectors Edition) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
Peter's Jigsaws (HKLM-x32\...\Peter's Jigsaws) (Version:  - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Ravensburger Puzzle Selection (HKLM-x32\...\BFG-Ravensburger Puzzle Selection) (Version:  - )
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Royal Envoy 3 Collector's Edition (HKLM-x32\...\BFG-Royal Envoy 3 Collector's Edition) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Sparkle 2 (HKLM-x32\...\BFG-Sparkle 2) (Version:  - )
Surface: Mystery of Another World (HKLM-x32\...\BFG-Surface - Mystery of Another World) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
The Book Of Unwritten Tales version 1.02 (HKLM-x32\...\The Book Of Unwritten Tales_is1) (Version: 1.02 - Lace Mamba Global Ltd.)
The Lost Inca Prophecy (HKLM-x32\...\The Lost Inca Prophecy_is1) (Version:  - Playrix Entertainment)
The Lost Kingdom Prophecy (HKLM-x32\...\The Lost Kingdom Prophecy_is1) (Version:  - Playrix Entertainment)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VectorEngineer Quick-Tools (HKLM-x32\...\VectorEngineer Quick-Tools) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Witches' Legacy: The Charleston Curse (HKLM-x32\...\BFG-Witches' Legacy - The Charleston Curse) (Version:  - )
World Mosaics 4 (HKLM-x32\...\BFG-World Mosaics 4) (Version:  - )
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

10-03-2015 22:00:35 Windows Update
15-03-2015 19:21:18 Windows Update
18-03-2015 13:57:12 Installed HP Support Assistant
18-03-2015 13:59:56 Windows Modules Installer
18-03-2015 14:00:58 Windows Modules Installer
18-03-2015 14:48:04 Checkpoint by HitmanPro
18-03-2015 14:49:02 Checkpoint by HitmanPro
18-03-2015 16:18:05 Installed DirectX
20-03-2015 19:16:37 Windows Update
21-03-2015 08:52:35 Windows Update
24-03-2015 20:09:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B190014-877F-403D-99E4-44818B1D7D80} - System32\Tasks\HPCeeScheduleForBelinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {39608BFB-8570-4BD4-9F43-5EF6E0473067} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-10-20] ()
Task: {39C21077-830A-4E18-82CF-ED4C3662D297} - System32\Tasks\{EFD576D7-377D-4F76-8F8B-6E124F16657C} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6H1D1O5\midnight-mysteries-2-the-salem-witch-trials_s1_l1_gF5812T1L1_d1021528532[1].exe" -d C:\Users\Belinda\Desktop
Task: {3BA384B0-369F-4169-ACC2-5947C099B4D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {3E16DCD9-9BC2-4CA1-899A-31C7D3FB9606} - System32\Tasks\{7940B880-3612-42B6-89AC-72747B00E274} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTR63OPP\hidden-in-time-mirror-mirror_s1_l1_gF2875T1L1_d1022433624[1].exe" -d C:\Users\Belinda\Desktop
Task: {44F8D9BF-79A2-40DE-83DE-33F472B11738} - System32\Tasks\{E0A725AF-ED53-45FC-BF8C-C7F08BF30102} => pcalua.exe -a C:\Users\Belinda\Downloads\chromeinstall-8u25.exe -d C:\Users\Belinda\Downloads
Task: {4FC49547-2DEF-460C-8477-C6E2F0C5771B} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {53C08A23-3E60-4079-89C6-7BDE771B6440} - System32\Tasks\{5600DDAE-8CFC-4F6A-8EB9-FFC26CE80E57} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTR63OPP\bigfishgames_p81640756_s1_l1[1].exe" -d C:\Users\Belinda\Desktop
Task: {605627E8-F728-4584-926F-3F3FFB949CE5} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {6C442C68-8ADE-4B6D-A3F9-BD614B1F5527} - System32\Tasks\{3337FEB4-39EB-4B86-87C3-64D147284D67} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XA1VSH3\bigfishgames_p90978752_s1_l1[1].exe" -d C:\Users\Belinda\Desktop
Task: {7305D509-2E28-431D-AE41-E0F80EDB1E1C} - System32\Tasks\{5154A6D3-3D1A-4023-B4B4-E14E4FBF9F59} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XA1VSH3\bigfishgames_p82464031_s1_l1[1].exe" -d C:\Users\Belinda\Desktop
Task: {82ED72D8-3672-4D2A-BC7C-97344AAE8567} - System32\Tasks\{E25ACAF6-08C4-4838-AFE6-10EF27ADA60C} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XA1VSH3\bigfishgames_p89480666_s1_l1[1].exe" -d C:\Users\Belinda\Desktop
Task: {8A09E525-B53D-4D14-BA27-E5B006A48FB4} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {92D6F9B2-371A-4504-BBA3-A3BA457AA0F8} - System32\Tasks\{91CBFC4D-5F2F-450E-8E98-67FFB3591FB6} => pcalua.exe -a "C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTR63OPP\bigfishgames_p81777336_s1_l1[1].exe" -d C:\Users\Belinda\Desktop
Task: {956E7527-D7EE-4E9F-A5A8-7B4B7C0D3078} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {9AEEFC96-821A-415E-86C0-7140255DDC4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {9E1EF211-91F9-4A7E-B691-7E75D8BC9D23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {A268A3ED-6AA3-4C7C-92A3-C7E8C1421563} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A382BE8D-0865-44D3-A67C-73CB276BDBAA} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: {A81DF57C-55CD-4C7A-B6F2-C3C133EFB79B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {C3F6D6F4-0302-4187-8E57-5AC331BCED22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {CCE03DD6-A4FE-4CB2-B425-F4DEDCAB0434} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {CE0FBAAC-2DD9-4356-AB6E-28B918283DCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {DEC8ED80-CF13-418E-87E3-7FF578D00E13} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {DF8FA892-DB47-43B3-9513-F1CDFEBFBDE8} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {F73FC4DF-8354-4AD0-B7A7-CC94CB56F145} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBelinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2011-04-11 20:58 - 2006-10-19 21:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2009-08-09 03:42 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-07 13:56 - 2009-07-07 13:56 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-08-25 03:39 - 2009-08-25 03:39 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2009-07-23 13:37 - 2009-07-23 13:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-11-03 11:41 - 2011-11-03 11:41 - 01516576 _____ () C:\Program Files (x86)\WOT\WOT.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:000D6A25
AlternateDataStreams: C:\ProgramData\Temp:02CC0035
AlternateDataStreams: C:\ProgramData\Temp:098DBB8A
AlternateDataStreams: C:\ProgramData\Temp:0A74923C
AlternateDataStreams: C:\ProgramData\Temp:0C65EA0E
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:102394C6
AlternateDataStreams: C:\ProgramData\Temp:1095ECE1
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:1604D047
AlternateDataStreams: C:\ProgramData\Temp:160ADF0B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2F8138B7
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:3867977D
AlternateDataStreams: C:\ProgramData\Temp:38D2EA83
AlternateDataStreams: C:\ProgramData\Temp:3AD6342E
AlternateDataStreams: C:\ProgramData\Temp:41AB2C46
AlternateDataStreams: C:\ProgramData\Temp:436BE28C
AlternateDataStreams: C:\ProgramData\Temp:46CBC45C
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4E79C4F8
AlternateDataStreams: C:\ProgramData\Temp:53DF4438
AlternateDataStreams: C:\ProgramData\Temp:5925E400
AlternateDataStreams: C:\ProgramData\Temp:5B22EC6F
AlternateDataStreams: C:\ProgramData\Temp:5B4686D7
AlternateDataStreams: C:\ProgramData\Temp:5E209A50
AlternateDataStreams: C:\ProgramData\Temp:678C1866
AlternateDataStreams: C:\ProgramData\Temp:6B50A605
AlternateDataStreams: C:\ProgramData\Temp:6DD124E2
AlternateDataStreams: C:\ProgramData\Temp:6ED8B881
AlternateDataStreams: C:\ProgramData\Temp:701B92FB
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96
AlternateDataStreams: C:\ProgramData\Temp:7DC5D762
AlternateDataStreams: C:\ProgramData\Temp:864881BF
AlternateDataStreams: C:\ProgramData\Temp:8C696807
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F4E260C
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:94B46CA2
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A5584049
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537
AlternateDataStreams: C:\ProgramData\Temp:A81F86C8
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AE34D87E
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:B190BE3A
AlternateDataStreams: C:\ProgramData\Temp:B3196E8D
AlternateDataStreams: C:\ProgramData\Temp:BD7D604C
AlternateDataStreams: C:\ProgramData\Temp:BF6C81B2
AlternateDataStreams: C:\ProgramData\Temp:C07A6A6B
AlternateDataStreams: C:\ProgramData\Temp:C0893153
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CF61CE5A
AlternateDataStreams: C:\ProgramData\Temp:D9656460
AlternateDataStreams: C:\ProgramData\Temp:DE875C30
AlternateDataStreams: C:\ProgramData\Temp:E9900C74
AlternateDataStreams: C:\ProgramData\Temp:ED2D63E4
AlternateDataStreams: C:\ProgramData\Temp:ED92736E
AlternateDataStreams: C:\ProgramData\Temp:F5B51004
AlternateDataStreams: C:\ProgramData\Temp:F610C203
AlternateDataStreams: C:\ProgramData\Temp:F72306CC

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4250258325-1562067111-3671703038-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Belinda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.10.10.10 - 10.10.10.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Belinda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JL Edwardian Advent Calendar.lnk => C:\Windows\pss\JL Edwardian Advent Calendar.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

==================== Accounts: =============================

Administrator (S-1-5-21-4250258325-1562067111-3671703038-500 - Administrator - Disabled)
Belinda (S-1-5-21-4250258325-1562067111-3671703038-1000 - Administrator - Enabled) => C:\Users\Belinda
Guest (S-1-5-21-4250258325-1562067111-3671703038-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4250258325-1562067111-3671703038-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003A1EC60.72).  hr = 0x80070005, Access is denied.
.

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000092c,(null),0,REG_BINARY,000000000616E500.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {ffc56d7c-c5e9-4d9c-8610-948750b1736c}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000005b8,(null),0,REG_BINARY,0000000002D7E520.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {0d24313c-25ef-47dd-b619-d0a50ee6dec2}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,(null),0,REG_BINARY,000000000211DE40.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4e1d82fe-b653-4edf-afcd-f691ee10bb23}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,(null),0,REG_BINARY,000000000239EF30.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {565c0b27-b16d-4fcb-a11c-3dcc32742fdc}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000092c,(null),0,REG_BINARY,000000000616E500.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {ffc56d7c-c5e9-4d9c-8610-948750b1736c}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,000000000258EE60.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {10ef570e-b469-4bd8-9603-77403ad26009}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ec,(null),0,REG_BINARY,00000000019EEF30.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2ffed902-0acf-4e0c-aee4-980fa05028f4}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000005b8,(null),0,REG_BINARY,0000000002D7E520.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {0d24313c-25ef-47dd-b619-d0a50ee6dec2}

Error: (03/18/2015 02:49:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f0,(null),0,REG_BINARY,000000000211DE40.72).  hr = 0x80070005, Access is denied.
.

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4e1d82fe-b653-4edf-afcd-f691ee10bb23}

System errors:
=============
Error: (03/28/2015 02:17:41 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.195.193.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.7.0205.00

 Source Path: 4.7.0205.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/28/2015 02:07:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.195.193.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.7.0205.00

 Source Path: 4.7.0205.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/27/2015 11:43:20 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.195.193.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.7.0205.00

 Source Path: 4.7.0205.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/26/2015 01:21:54 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.195.193.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.7.0205.00

 Source Path: 4.7.0205.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/26/2015 10:48:35 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.195.193.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.7.0205.00

 Source Path: 4.7.0205.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/18/2015 02:53:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (03/18/2015 02:50:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (03/18/2015 01:56:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (03/18/2015 01:56:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (03/18/2015 01:55:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-03-17 20:33:19.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-17 20:33:19.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-17 20:33:19.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 18:31:27.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 18:31:27.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 18:31:26.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-10 07:32:51.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-10 07:32:51.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-10 07:32:51.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-09 19:39:09.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 59%
Total physical RAM: 4063.19 MB
Available physical RAM: 1665.65 MB
Total Pagefile: 8124.56 MB
Available Pagefile: 5104.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.17 GB) (Free:193.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.72 GB) (Free:2.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MAMG057v2) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2169E425)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 29 March 2015 - 05:07 AM

Hi,

Step 1

revouninstaller.pngRevo Uninstaller Free

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Reinstall Google Chrome. Download

Step 3

Scan with adwcleaner.png AdwCleaner (by Xplode).

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 4

v21logo.PNG

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

mbamv21.gif

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Step 5

zoek.jpg

Please download 51a612a8b27e2-Zoek.pngZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    systemspecs;
    filesrcm;
    emptyclsid;
    autoclean;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 29 March 2015 - 04:51 PM

Thanks, Jürgen.  The laptop owner is going to run these scans and get back with you as soon as she can.



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 30 March 2015 - 05:26 AM

OK. Thanks for letting me know. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 31 March 2015 - 07:52 PM

# AdwCleaner v4.200 - Logfile created 31/03/2015 at 19:43:08
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Belinda - BELINDA-PC
# Running from : C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLFL3QCW\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Belinda\AppData\LocalLow\ShopAtHome
File Deleted : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaojmikegpiepcfdkkjaplodkpfmlo_0.localstorage
File Deleted : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.101

[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7712DEA4-DFE8-4303-975A-26E087D1430B&apn_ptnrs=TV&apn_sauid=010A61C2-7558-46B0-9359-874890A5232E&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchy.easylifeapp.com/?m=web&chplbf=1&src=&lg=en&cc=&hid=&pid=&r=1414281600&q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=5D29A691451859DF3AC72F50841F9E28&q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M5D41D462-333C-4DC1-B91A-64961FF3AF40&SearchSource=58&CUI=&UM=6&UP=SPEB2D9E40-9005-4F07-B6B3-C59888361FD7&q={searchTerms}&SSPV=
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7712DEA4-DFE8-4303-975A-26E087D1430B&apn_ptnrs=TV&apn_sauid=010A61C2-7558-46B0-9359-874890A5232E&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
[C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=7712DEA4-DFE8-4303-975A-26E087D1430B&apn_ptnrs=TV&apn_sauid=010A61C2-7558-46B0-9359-874890A5232E&apn_dtid=OSJ000YYUS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [20906 bytes] - [17/03/2015 21:00:48]
AdwCleaner[R1].txt - [867 bytes] - [18/03/2015 14:03:32]
AdwCleaner[R2].txt - [3736 bytes] - [31/03/2015 19:41:21]
AdwCleaner[S0].txt - [19796 bytes] - [17/03/2015 21:06:43]
AdwCleaner[S1].txt - [932 bytes] - [18/03/2015 14:06:20]
AdwCleaner[S2].txt - [3687 bytes] - [31/03/2015 19:43:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3746  bytes] ##########



#11 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 31 March 2015 - 08:20 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/31/2015
Scan Time: 7:54:50 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.01.01
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Belinda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377599
Time Elapsed: 21 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.A1PCCleaner.C, HKLM\SOFTWARE\WOW6432NODE\CAPHYON\ADVANCED INSTALLER\LZMA\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}\4.0.3.1|AI_ExePath, C:\SwSetup\HPProtSHD\Setup.exe, Quarantined, [62034126424868ce3e0b3b7b6a997f81]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#12 Draclvr

Draclvr
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 PM

Posted 31 March 2015 - 09:17 PM

Zoek.exe v5.0.0.0 Updated 29-March-2015
Tool run by Belinda on Tue 03/31/2015 at 20:29:59.24.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Belinda\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/31/2015 8:31:41 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\support.com deleted successfully
C:\Users\Belinda\AppData\Local\CRE deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DF502C3D-EFE6-4222-9D04-F6621B0E6B56} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully
HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\8e5e8c1c976a5d6 deleted
C:\PROGRA~2\Mystery Case Files - Fates Carnival Collectors Edition deleted
C:\wget.exe deleted
C:\Users\Belinda\AppData\Roaming\YoudaGames deleted
C:\PROGRA~3\Funny Bear Studio deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Fates Carnival Collectors Edition deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Belinda\AppData\Local\{846AE27B-EA70-4935-B425-2FDA762053C4}" deleted
"C:\PROGRA~2\WOT\WOT.dll" deleted
"C:\PROGRA~2\WOT" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4064 MB
CPU Info: Intel® Core™2 Duo CPU     T6600  @ 2.20GHz
CPU Speed: 526.6 MHz
Sound Card: Speakers and Dual Headphones (I |
SPDIF (Digital Out via HP Dock) |
Independent Dual Headphones (ID |
Display Adapters: ATI Mobility Radeon HD 4650 | ATI Mobility Radeon HD 4650 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Broadcom 802.11b/g WLAN | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVDRAM GT20L
Ports: COM3 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  285.2GB | D:  12.7GB
Hard Disks - Free: C:  192.4GB | D:  2.1GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/09/09 | HPQOEM - 1
Time Zone: Central Standard Time
Motherboard *: Quanta 3628
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17691
Google Chrome version: 41.0.2272.101
Adobe Reader version: 10.1.12.15
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Belinda\AppData\Local\Temp ====
2015-04-01 00:37:56 A5FC2AF113F1E7651598A28A2F21CC98 166792 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\psuser.dll
2015-04-01 00:37:56 80E879A4C23F740A8D22685690A34543 166792 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\psmachine.dll
2015-04-01 00:37:56 60C4C0775904FDB862355A696EFB577B 189320 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\psmachine_64.dll
2015-04-01 00:37:56 40AAE0A1A4F664828DF5A95875AEA1C8 604040 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\npGoogleUpdate3.dll
2015-04-01 00:37:56 0AC4470EC565A14ACE5342B6C78B27B6 189320 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\psuser_64.dll
2015-04-01 00:37:55 E243FE74E2ADE67A1BD3F79E6D8D9245 1689480 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\goopdate.dll
2015-04-01 00:37:55 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleCrashHandler.exe
2015-04-01 00:37:55 8ED114240118031B01F4FFDA972F14DF 880272 ----a-w- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateSetup.exe
2015-04-01 00:37:55 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateBroker.exe
2015-04-01 00:37:55 5EA3B112C4AA3E628A68F0499A4D5CE9 26112 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateHelper.msi
2015-04-01 00:37:55 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdate.exe
2015-04-01 00:37:55 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateOnDemand.exe
2015-04-01 00:37:55 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateComRegisterShell64.exe
2015-04-01 00:37:55 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleCrashHandler64.exe
2015-03-21 03:01:45 BBCDAE65D58D68F1D7719876078D24F7 55168 ----a-w- C:\Users\Belinda\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\Interop.TaskScheduler.dll
2015-03-21 03:01:44 BF538FDA511AB9B21B6A0CB1FCDEF2DD 856888 ----a-w- C:\Users\Belinda\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe
2015-03-18 18:58:25 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Belinda\AppData\Local\Temp\{C63341F2-906C-4C5A-8824-951AE32B76C9}\ISBEW64.exe
2015-03-18 18:57:02 41CB698F967B4D9F2580EA2A21A5A710 107320 ------w- C:\Users\Belinda\AppData\Local\Temp\{4576E462-0124-4E08-933C-67A85081FED1}\ISBEW64.exe
2015-03-18 18:54:45 22A8F472D63B2851F17AAE88C7CC1FDB 130360 ----a-w- C:\Users\Belinda\AppData\Local\Temp\UninstallHPSA.exe
2015-03-18 02:25:28 CF95932C00190451115C782E139DE582 264488 ----a-w- C:\Users\Belinda\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes.dll
2015-03-18 02:25:28 2AA753368BF68871962D2E99B8692985 153760 ----a-w- C:\Users\Belinda\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes_LD.dll
2015-03-18 02:25:28 14E9947D26B0A418AA02F87741E4B40B 769736 ----a-w- C:\Users\Belinda\AppData\Local\Temp\MSS\3.8.150.1\McInstallerStartup.dll
2015-03-18 02:25:27 C4CF03B998D4D758B89CD07F22D7A7F9 645168 ----a-w- C:\Users\Belinda\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe
2015-03-18 02:25:27 87AA773F15D90973090D4DF76F8E60EF 565808 ----a-w- C:\Users\Belinda\AppData\Local\Temp\MSS\3.8.150.1\mcbrwsr2.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-03-18 21:20:25 E4CE2AF32F501A7F7DDDD908704A0EE6 74072 ----a-w- C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-03-18 21:20:25 4976243BD70FAE3D1D24E49739AB2710 528216 ----a-w- C:\Windows\SysWOW64\XAudio2_6.dll
2015-03-18 21:20:24 F81C4678A55FFEE585AC75825FAF5582 238936 ----a-w- C:\Windows\SysWOW64\xactengine3_6.dll
2015-03-18 21:20:23 C811E70C8804CFFF719038250A43B464 22360 ----a-w- C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-03-18 21:20:19 DB3C93E87452B8DAB4F58ED1FD2B1998 238936 ----a-w- C:\Windows\SysWOW64\xactengine3_5.dll
2015-03-18 21:20:19 B33B21DB610116262D906305CE65C354 1974616 ----a-w- C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-18 21:20:18 B337306DFB508A1BCEF1974BFBB8D924 5501792 ----a-w- C:\Windows\SysWOW64\d3dcsx_42.dll
2015-03-18 21:20:17 D09AC80A4B5312239852836C84DF3392 235344 ----a-w- C:\Windows\SysWOW64\d3dx11_42.dll
2015-03-18 21:20:15 C6A44FC3CF2F5801561804272217B14D 1892184 ----a-w- C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-18 21:20:12 3FA06CF5079B84155D18B05C08F7131B 4178264 ----a-w- C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-18 21:20:10 E684C5FA18ADF9EA14737757413BF727 517448 ----a-w- C:\Windows\SysWOW64\XAudio2_4.dll
2015-03-18 21:20:09 E763798CAD2A90B6AB61854F50CD47DD 22360 ----a-w- C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-03-18 21:20:09 686F8D1B4926D48227A06ACD4D41CD1E 235352 ----a-w- C:\Windows\SysWOW64\xactengine3_4.dll
2015-03-18 21:20:08 91B4AAD4412BB223B466F3DFB43E86DA 452440 ----a-w- C:\Windows\SysWOW64\d3dx10_40.dll
2015-03-18 21:20:08 3384134EEB8F223178C2EB8323003EC0 2036576 ----a-w- C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-03-18 21:20:07 EEA5E428CE63804F9B12D21C97B5968F 4379984 ----a-w- C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-18 21:20:06 47ED15DC87AE334C13C4DACD1BE2CCED 514384 ----a-w- C:\Windows\SysWOW64\XAudio2_3.dll
2015-03-18 21:20:06 295E47A75F278580F9441041EAAEA3D2 70992 ----a-w- C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-03-18 21:20:05 8BA296419AF3417D1E9806B83166E472 235856 ----a-w- C:\Windows\SysWOW64\xactengine3_3.dll
2015-03-18 21:20:04 350FEFE18B86BD4D9AB2A96D00215A49 23376 ----a-w- C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-03-18 21:20:03 D95EAABF5D277EF91D9CA70151209E56 68616 ----a-w- C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-03-18 21:20:03 50F4A0D5E6A0BAFEFA78F353533B8E06 509448 ----a-w- C:\Windows\SysWOW64\XAudio2_2.dll
2015-03-18 21:20:02 F3C6BE26949CAADB11DBF0086082FAC9 238088 ----a-w- C:\Windows\SysWOW64\xactengine3_2.dll
2015-03-18 21:20:01 E6C2F1D8B667DDC04CB55B9F0159EF97 467984 ----a-w- C:\Windows\SysWOW64\d3dx10_39.dll
2015-03-18 21:20:01 C4F1972497FE2CEB7D900938C97FCF91 1493528 ----a-w- C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-03-18 21:20:00 8CB3DEFB8887C4F0846DB1FC1304D6D2 3851784 ----a-w- C:\Windows\SysWOW64\D3DX9_39.dll
2015-03-18 21:19:59 E34FF0115B1EE3B4E03D22AE9840EE03 507400 ----a-w- C:\Windows\SysWOW64\XAudio2_1.dll
2015-03-18 21:19:59 DD165760F1B95200A3DA2D9DFDB84234 65032 ----a-w- C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-03-18 21:19:58 E3832514BD21236067B7227F6165EF95 25608 ----a-w- C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-03-18 21:19:58 2E0E25252E1D41752876E9FE12ADE175 238088 ----a-w- C:\Windows\SysWOW64\xactengine3_1.dll
2015-03-18 21:19:57 A2650B27472C21CDD817EEEDE65648E1 467984 ----a-w- C:\Windows\SysWOW64\d3dx10_38.dll
2015-03-18 21:19:57 103CBFC5591008AD33046E20E8E1EEBE 1491992 ----a-w- C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-03-18 21:19:56 8F3EB548AC4ED90252394F60C77E3196 3850760 ----a-w- C:\Windows\SysWOW64\D3DX9_38.dll
2015-03-18 21:19:55 418CDC57E55EE79C3F86C13A19B3D5E3 479752 ----a-w- C:\Windows\SysWOW64\XAudio2_0.dll
2015-03-18 21:19:53 C593FD0A96EE4B6390B653C4C641313F 25608 ----a-w- C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-03-18 21:19:53 8A83673F0AB001870583FDE2B004FA59 238088 ----a-w- C:\Windows\SysWOW64\xactengine3_0.dll
2015-03-18 21:19:52 EA752DBCE35045D3C830DC16578CC8AB 1420824 ----a-w- C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-03-18 21:19:52 4A43E9A2B17E4CAFA9CB5FEC0B5B686B 462864 ----a-w- C:\Windows\SysWOW64\d3dx10_37.dll
2015-03-18 21:19:51 AC3C517FB0FBBE45FE44007BCD3625A7 3786760 ----a-w- C:\Windows\SysWOW64\D3DX9_37.dll
2015-03-18 21:19:50 73E055AF78A64F9B2779D44407CA2AB6 267272 ----a-w- C:\Windows\SysWOW64\xactengine2_10.dll
2015-03-18 21:19:48 FB4299688A0D3A37687C015AC2B9922D 1374232 ----a-w- C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-03-18 21:19:48 D9158E78A368B08D9133043EB3058C12 444776 ----a-w- C:\Windows\SysWOW64\d3dx10_36.dll
2015-03-18 21:19:47 44BFEC5C9C82A2EE9871D88FD3B9A0E2 3734536 ----a-w- C:\Windows\SysWOW64\d3dx9_36.dll
2015-03-18 21:19:46 46EE68F04A75A1CCF40235EA6F1CBA05 267112 ----a-w- C:\Windows\SysWOW64\xactengine2_9.dll
2015-03-18 21:19:45 F3764552E45880DC49B82F38699AA87C 444776 ----a-w- C:\Windows\SysWOW64\d3dx10_35.dll
2015-03-18 21:19:45 5B441670A4F5F8BCCE76741902B8AF56 1358192 ----a-w- C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-03-18 21:19:44 3EF18B78D17C962F2B71AC1CB7757684 3727720 ----a-w- C:\Windows\SysWOW64\d3dx9_35.dll
2015-03-18 21:19:43 F6A9FC2AD2F9111372B5AB3BBA3707EC 17928 ----a-w- C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-03-18 21:19:43 75F206C195BBACA6EF28565B1C0CD75C 1124720 ----a-w- C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-03-18 21:19:43 5AA9987F2E62B56D7661B6901901F927 443752 ----a-w- C:\Windows\SysWOW64\d3dx10_34.dll
2015-03-18 21:19:43 499210C45AFEAADEE8CF4DCF7D5E570B 266088 ----a-w- C:\Windows\SysWOW64\xactengine2_8.dll
2015-03-18 21:19:42 77F595DEE5FFACEA72B135B1FCE1312E 81768 ----a-w- C:\Windows\SysWOW64\xinput1_3.dll
2015-03-18 21:19:42 1CA939918ED1B930059B3A882DE6F648 3497832 ----a-w- C:\Windows\SysWOW64\d3dx9_34.dll
2015-03-18 21:19:40 FAE7E1D578C42A7C3D9D61A99D178BD5 1123696 ----a-w- C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-03-18 21:19:40 7FEBB8CE2233CBAE738B16D42ED29674 261480 ----a-w- C:\Windows\SysWOW64\xactengine2_7.dll
2015-03-18 21:19:40 37A8171ACCF46A9C196054066C28827F 443752 ----a-w- C:\Windows\SysWOW64\d3dx10_33.dll
2015-03-18 21:19:39 CDB1CD22BAFF21F48606B3C1A18B000B 3495784 ----a-w- C:\Windows\SysWOW64\d3dx9_33.dll
2015-03-18 21:19:38 39000E033D39D19CCCE21AEAFCCE2476 255848 ----a-w- C:\Windows\SysWOW64\xactengine2_6.dll
2015-03-18 21:19:37 86C93789E9006F1AC47ED9DD47D4C8A1 251672 ----a-w- C:\Windows\SysWOW64\xactengine2_5.dll
2015-03-18 21:19:36 6F34F7405807DCBF0B9BF6811C94C6D9 440080 ----a-w- C:\Windows\SysWOW64\d3dx10.dll
2015-03-18 21:19:34 797E24743937D67D69F28F2CF5052EE8 2414360 ----a-w- C:\Windows\SysWOW64\d3dx9_31.dll
2015-03-18 21:19:34 6550E1A0A7BE611592C31222FCB981FB 237848 ----a-w- C:\Windows\SysWOW64\xactengine2_4.dll
2015-03-18 21:19:34 121B131EAA369D8F58DACC5C39A77D80 15128 ----a-w- C:\Windows\SysWOW64\x3daudio1_1.dll
2015-03-18 21:19:33 69D841744B2BAE38FBB2D40A230A549C 236824 ----a-w- C:\Windows\SysWOW64\xactengine2_3.dll
2015-03-18 21:19:32 33B62BE226934E1B01F5043870C70427 62744 ----a-w- C:\Windows\SysWOW64\xinput1_2.dll
2015-03-18 21:19:30 F1726346E583442541FE73429F8E9C10 62672 ----a-w- C:\Windows\SysWOW64\xinput1_1.dll
2015-03-18 21:19:30 5C4D3843B491C047B7A619901FBD2EC1 230168 ----a-w- C:\Windows\SysWOW64\xactengine2_2.dll
2015-03-18 21:19:28 7C9952111F4C743B9F0D8B68B6ED93C9 229584 ----a-w- C:\Windows\SysWOW64\xactengine2_1.dll
2015-03-18 21:19:06 E415862612E65F10D7D888443ECD7594 2388176 ----a-w- C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-18 21:19:01 2112FE0C46662D429347A7D7B49E3ECE 230096 ----a-w- C:\Windows\SysWOW64\xactengine2_0.dll
2015-03-18 21:19:00 4E961525CC7FF0E5D7DA19E170B7C14C 14032 ----a-w- C:\Windows\SysWOW64\x3daudio1_0.dll
2015-03-18 21:18:59 99F4FC172A5ACE36CF00AA7038D23F2C 2332368 ----a-w- C:\Windows\SysWOW64\d3dx9_29.dll
2015-03-18 21:18:56 852EDC778A7A50077694F84D8E601234 2319568 ----a-w- C:\Windows\SysWOW64\d3dx9_27.dll
2015-03-18 21:18:56 523AB607EEF81CC4D909E7FEBD8A788E 2297552 ----a-w- C:\Windows\SysWOW64\d3dx9_26.dll
2015-03-18 21:18:54 5B48FE9D6686F0D54B26A005ACE24D1D 2337488 ----a-w- C:\Windows\SysWOW64\d3dx9_25.dll
2015-03-18 21:18:52 BC831661963763AC4D504C5CABB1FDD9 2222800 ----a-w- C:\Windows\SysWOW64\d3dx9_24.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-03-18 21:20:25 A9724EB3D6CC032D0C4ECAFF4AD8C17F 78680 ----a-w- C:\Windows\Sysnative\XAPOFX1_4.dll
2015-03-18 21:20:25 05E88C8D8E652DFF03B469331F474CCE 530776 ----a-w- C:\Windows\Sysnative\XAudio2_6.dll
2015-03-18 21:20:24 936DCC640B2991905D909395E03B64F9 176984 ----a-w- C:\Windows\Sysnative\xactengine3_6.dll
2015-03-18 21:20:23 B4FF2A39685C1A6D43F0E56EB350AF3A 24920 ----a-w- C:\Windows\Sysnative\X3DAudio1_7.dll
2015-03-18 21:20:20 C291AEFD47A587FF5F509E2F96613F7D 517960 ----a-w- C:\Windows\Sysnative\XAudio2_5.dll
2015-03-18 21:20:19 E92D2E4AFA43CD39A8C1C2C2DB59667E 2582888 ----a-w- C:\Windows\Sysnative\D3DCompiler_42.dll
2015-03-18 21:20:19 51D65BE2F794B944CADAF287B34EF603 176968 ----a-w- C:\Windows\Sysnative\xactengine3_5.dll
2015-03-18 21:20:18 F13B90F5090EBA9041558BC6AAED79B8 5554512 ----a-w- C:\Windows\Sysnative\d3dcsx_42.dll
2015-03-18 21:20:17 522749761B6CC69F8630F4B472DCA623 285024 ----a-w- C:\Windows\Sysnative\d3dx11_42.dll
2015-03-18 21:20:15 1AF7AE1FDE027A30B9097280819A0A86 2475352 ----a-w- C:\Windows\Sysnative\D3DX9_42.dll
2015-03-18 21:20:13 E730967811E3702499446FFC8A432607 520544 ----a-w- C:\Windows\Sysnative\d3dx10_41.dll
2015-03-18 21:20:13 A59A5BADE4AF200C720D99EAE6E04E0E 2430312 ----a-w- C:\Windows\Sysnative\D3DCompiler_41.dll
2015-03-18 21:20:12 ECDDB13BC805B9F3EF3A855E6FD85C69 5425496 ----a-w- C:\Windows\Sysnative\D3DX9_41.dll
2015-03-18 21:20:10 B94F08069EFE2F8151DEF350E526E063 521560 ----a-w- C:\Windows\Sysnative\XAudio2_4.dll
2015-03-18 21:20:10 37B348A79C4C9B8AB925B18FFD241E96 73544 ----a-w- C:\Windows\Sysnative\XAPOFX1_3.dll
2015-03-18 21:20:09 EEE871CC4F5563FF8B3C8385B32B0C5F 24920 ----a-w- C:\Windows\Sysnative\X3DAudio1_6.dll
2015-03-18 21:20:09 1BA01062450BD1F052C54C01C12248F6 174936 ----a-w- C:\Windows\Sysnative\xactengine3_4.dll
2015-03-18 21:20:08 862586AD4B1355F7DCDE111EE0AAF350 519000 ----a-w- C:\Windows\Sysnative\d3dx10_40.dll
2015-03-18 21:20:08 37309B833480DC69FDE7DB68F9B8BC20 2605920 ----a-w- C:\Windows\Sysnative\D3DCompiler_40.dll
2015-03-18 21:20:07 29A79F0B607FAF5722D7BAF2485F632A 5631312 ----a-w- C:\Windows\Sysnative\D3DX9_40.dll
2015-03-18 21:20:06 758139A39AECC1B512576275A27C1177 518480 ----a-w- C:\Windows\Sysnative\XAudio2_3.dll
2015-03-18 21:20:06 2F8F9B707FED2405A787380230CC6FA9 74576 ----a-w- C:\Windows\Sysnative\XAPOFX1_2.dll
2015-03-18 21:20:05 84B41FD03CAFC5048346B3B2AB92D199 175440 ----a-w- C:\Windows\Sysnative\xactengine3_3.dll
2015-03-18 21:20:04 CFF1C1F7B9F855DDEE431D7B5DCACDF8 25936 ----a-w- C:\Windows\Sysnative\X3DAudio1_5.dll
2015-03-18 21:20:03 E335DF094836EE7030F1B9CE7429E884 513544 ----a-w- C:\Windows\Sysnative\XAudio2_2.dll
2015-03-18 21:20:03 0F2DB378FBE2D124E4D3631B329688AE 72200 ----a-w- C:\Windows\Sysnative\XAPOFX1_1.dll
2015-03-18 21:20:02 CC8399A9E51B2AF1C2C20A26D85EB60E 177672 ----a-w- C:\Windows\Sysnative\xactengine3_2.dll
2015-03-18 21:20:01 EAA692FDC990ED0407DF957316DA33C2 540688 ----a-w- C:\Windows\Sysnative\d3dx10_39.dll
2015-03-18 21:20:01 7741A0A6CED6C441B97D625B730D6075 1942552 ----a-w- C:\Windows\Sysnative\D3DCompiler_39.dll
2015-03-18 21:20:00 7505C133FC704B40CFDDFD38777BAAC3 4992520 ----a-w- C:\Windows\Sysnative\D3DX9_39.dll
2015-03-18 21:19:59 E9C0F926D7C9082A805F4FEF81DEEB30 511496 ----a-w- C:\Windows\Sysnative\XAudio2_1.dll
2015-03-18 21:19:59 0E92D8C0ECA74B6D0A55ABAD53226113 68104 ----a-w- C:\Windows\Sysnative\XAPOFX1_0.dll
2015-03-18 21:19:58 DE6004D16DBACD781ED4596C4FEA7D14 28168 ----a-w- C:\Windows\Sysnative\X3DAudio1_4.dll
2015-03-18 21:19:58 A2A098BF5A8C255A0090818AD8E87B0F 177672 ----a-w- C:\Windows\Sysnative\xactengine3_1.dll
2015-03-18 21:19:57 A7E59BB6FAC119FABB83F18BD72AA1D7 1941528 ----a-w- C:\Windows\Sysnative\D3DCompiler_38.dll
2015-03-18 21:19:57 72CB653CECF4EA670E7F5A8D74358423 540688 ----a-w- C:\Windows\Sysnative\d3dx10_38.dll
2015-03-18 21:19:56 E5EC2AB7156A752F9614CDA4BE66EFE8 4991496 ----a-w- C:\Windows\Sysnative\D3DX9_38.dll
2015-03-18 21:19:55 29AF48F6C894328A58DEFDC560A70CF3 489480 ----a-w- C:\Windows\Sysnative\XAudio2_0.dll
2015-03-18 21:19:53 C4C2ED69B18EE1C60026877FCC470FA7 28168 ----a-w- C:\Windows\Sysnative\X3DAudio1_3.dll
2015-03-18 21:19:53 A8B5370B7B61D3777D840DA1C64A1C2D 177672 ----a-w- C:\Windows\Sysnative\xactengine3_0.dll
2015-03-18 21:19:52 A8C5688BBA00C1630550F26260AB5CAE 529424 ----a-w- C:\Windows\Sysnative\d3dx10_37.dll
2015-03-18 21:19:52 31026CEA5AFA2798292179102C06FE40 1860120 ----a-w- C:\Windows\Sysnative\D3DCompiler_37.dll
2015-03-18 21:19:51 8A10974DC6E1E42BDC635C2C2AFBD2CC 4910088 ----a-w- C:\Windows\Sysnative\D3DX9_37.dll
2015-03-18 21:19:50 E8932AF24786765859558CB79E385AC2 411656 ----a-w- C:\Windows\Sysnative\xactengine2_10.dll
2015-03-18 21:19:48 7299DF5CF81135934740211D9A946737 2006552 ----a-w- C:\Windows\Sysnative\D3DCompiler_36.dll
2015-03-18 21:19:48 570FDAE7041775DE0C67747BB7081939 508264 ----a-w- C:\Windows\Sysnative\d3dx10_36.dll
2015-03-18 21:19:47 BBB6C6833C30E323B41860D6DF61972D 5081608 ----a-w- C:\Windows\Sysnative\d3dx9_36.dll
2015-03-18 21:19:46 A69C32C2BD01522A088D254342826866 411496 ----a-w- C:\Windows\Sysnative\xactengine2_9.dll
2015-03-18 21:19:45 B21427EDF0449E92000FF497DAAF89C9 1985904 ----a-w- C:\Windows\Sysnative\D3DCompiler_35.dll
2015-03-18 21:19:45 84116AA94672D623B95217648AE5B5B9 508264 ----a-w- C:\Windows\Sysnative\d3dx10_35.dll
2015-03-18 21:19:44 1B3AF16A27D390096925576202A64037 5073256 ----a-w- C:\Windows\Sysnative\d3dx9_35.dll
2015-03-18 21:19:43 FA485E76F94B7457767E372F47757733 409960 ----a-w- C:\Windows\Sysnative\xactengine2_8.dll
2015-03-18 21:19:43 BC78D5328541410510DDE06B9FA92024 21000 ----a-w- C:\Windows\Sysnative\X3DAudio1_2.dll
2015-03-18 21:19:43 9D9407F52B8E24E99358D9944B0D5FA3 1401200 ----a-w- C:\Windows\Sysnative\D3DCompiler_34.dll
2015-03-18 21:19:43 1ED4E7A82BD5C7DEED082F00E63BB7A0 506728 ----a-w- C:\Windows\Sysnative\d3dx10_34.dll
2015-03-18 21:19:42 BFB3091B167550EC6E6454813D3DB244 107368 ----a-w- C:\Windows\Sysnative\xinput1_3.dll
2015-03-18 21:19:42 AE5D5439525B4A4CBF206058D493685D 4496232 ----a-w- C:\Windows\Sysnative\d3dx9_34.dll
2015-03-18 21:19:40 8C970509E0AE10061E3ED6D51E34FEB9 403304 ----a-w- C:\Windows\Sysnative\xactengine2_7.dll
2015-03-18 21:19:40 839C3921005BB41D441E3752C74F2292 506728 ----a-w- C:\Windows\Sysnative\d3dx10_33.dll
2015-03-18 21:19:40 3EBF620536A13CA343E52ECA4F0DE7F8 1400176 ----a-w- C:\Windows\Sysnative\D3DCompiler_33.dll
2015-03-18 21:19:39 3172C3CAC8EA7CA1B5D5AF6699C037D6 4494184 ----a-w- C:\Windows\Sysnative\d3dx9_33.dll
2015-03-18 21:19:38 4837A54574A6105D404A8560984B93DD 393576 ----a-w- C:\Windows\Sysnative\xactengine2_6.dll
2015-03-18 21:19:37 398FF46FF7354FED2F0F1AECDB546866 390424 ----a-w- C:\Windows\Sysnative\xactengine2_5.dll
2015-03-18 21:19:36 8251826F04BA0822D08AD9B92C65A3D5 469264 ----a-w- C:\Windows\Sysnative\d3dx10.dll
2015-03-18 21:19:34 FAAA0BB9CD2905B25334132E5BA093EB 3977496 ----a-w- C:\Windows\Sysnative\d3dx9_31.dll
2015-03-18 21:19:34 58BB51253427A834A8807B9245CC5965 364824 ----a-w- C:\Windows\Sysnative\xactengine2_4.dll
2015-03-18 21:19:34 489E5B8BB1BD1028FF1C798EAAEC65E4 17688 ----a-w- C:\Windows\Sysnative\x3daudio1_1.dll
2015-03-18 21:19:33 0396D2A98B0CCD4419B572EBF618E81E 363288 ----a-w- C:\Windows\Sysnative\xactengine2_3.dll
2015-03-18 21:19:32 06F15D3CB1AE0EAFA50F595B3FF8D9F5 83736 ----a-w- C:\Windows\Sysnative\xinput1_2.dll
2015-03-18 21:19:30 DC5A914C34EB12056531777D4DD0F44E 354072 ----a-w- C:\Windows\Sysnative\xactengine2_2.dll
2015-03-18 21:19:30 6F9D3289D8B166E478AFFF9EFA92C42C 83664 ----a-w- C:\Windows\Sysnative\xinput1_1.dll
2015-03-18 21:19:28 0CC809422AB40974DFF8078392E4D507 352464 ----a-w- C:\Windows\Sysnative\xactengine2_1.dll
2015-03-18 21:19:06 E09A9CF383ACF4A28038561E62277377 3927248 ----a-w- C:\Windows\Sysnative\d3dx9_30.dll
2015-03-18 21:19:01 CE5753F9A27837259EB52F3F47F39593 355536 ----a-w- C:\Windows\Sysnative\xactengine2_0.dll
2015-03-18 21:19:00 F77D5AB654881E683CFF6650916C424E 16592 ----a-w- C:\Windows\Sysnative\x3daudio1_0.dll
2015-03-18 21:18:59 68B35CBDB4A8CC424718BBCC894FEEEA 3830992 ----a-w- C:\Windows\Sysnative\d3dx9_29.dll
2015-03-18 21:18:58 88BAC8306D4EC79A82B1FFA17DC8CF4A 3815120 ----a-w- C:\Windows\Sysnative\d3dx9_28.dll
2015-03-18 21:18:56 914C3237E4D145A18DCD1D0D4C8659E1 3807440 ----a-w- C:\Windows\Sysnative\d3dx9_27.dll
2015-03-18 21:18:56 44F5C5E27D6825E4E62420BC29B8B533 3767504 ----a-w- C:\Windows\Sysnative\d3dx9_26.dll
2015-03-18 21:18:54 4C56E7C5B2A61353E534C7D15D05856D 3823312 ----a-w- C:\Windows\Sysnative\d3dx9_25.dll
2015-03-18 21:18:52 B165DF72E13E6AF74D47013504319921 3544272 ----a-w- C:\Windows\Sysnative\d3dx9_24.dll
2015-03-18 19:49:12 AAAEFCED163A57665B8C58163CA64841 2800 ----a-w- C:\Windows\Sysnative\.crusader
====== C:\Windows\Sysnative\drivers =====
2015-03-18 19:50:53 C00C33ECF1273D50FA4468A4444DCEA2 43664 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys
2015-03-11 00:37:44 87BCD1034CBF33537D4D4C251D39BA26 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys
2015-03-11 00:37:10 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2015-03-11 00:37:08 90C53BD47979FB8814F465A08B885102 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-03-11 00:36:07 8BA90F480705D7153AD0060CCA62222A 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-03-11 00:36:07 27667A788130A7F7A5858DE27572E6D7 459336 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-03-11 00:36:06 56ED3EE5FED6BF2FC1305CF872042868 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-04-01 00:31:47 -------- d-----w- C:\PROGRA~2\VS Revo Group
2015-03-18 21:05:49 -------- d-----w- C:\PROGRA~2\Book of Unwritten Tales
======= C: =====
====== C:\Users\Belinda\AppData\Roaming ======
2015-04-01 00:31:47 -------- d-----w- C:\Users\Belinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
====== C:\Users\Belinda ======
2015-04-01 00:38:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-28 21:15:14 F58676DE827DD9A5F3A44A698E8B4663 2095616 ----a-w- C:\Users\Belinda\Downloads\FRST64.exe
2015-03-18 21:17:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Book of Unwritten Tales
2015-03-18 19:25:54 -------- d-----w- C:\ProgramData\HitmanPro
2015-03-18 19:01:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-03-18 18:56:58 -------- d-----w- C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}
2015-03-18 03:04:24 ED6C93EE27B62E28BBD839FCB3D75E6E 5325696 ----a-w- C:\Users\Belinda\Downloads\ccsetup503.exe

====== C: exe-files ==
2015-04-01 00:40:31 E55D0D5D5A3A585BFF48B990708007A5 2208768 ----a-w- C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLFL3QCW\adwcleaner_4.200.exe
2015-04-01 00:38:44 A08A0CAD85CAB9E10E1E91D028F1B209 41472592 ----a-w- C:\Program Files (x86)\Google\Update\Install\{D8DFB9A7-9EC1-47E3-856C-6101B4B3C7B8}\41.0.2272.101_chrome_installer.exe
2015-04-01 00:38:43 A08A0CAD85CAB9E10E1E91D028F1B209 41472592 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\41.0.2272.101\41.0.2272.101_chrome_installer.exe
2015-04-01 00:37:55 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleCrashHandler.exe
2015-04-01 00:37:55 8ED114240118031B01F4FFDA972F14DF 880272 ----a-w- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateSetup.exe
2015-04-01 00:37:55 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateBroker.exe
2015-04-01 00:37:55 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdate.exe
2015-04-01 00:37:55 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateOnDemand.exe
2015-04-01 00:37:55 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleUpdateComRegisterShell64.exe
2015-04-01 00:37:55 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Users\Belinda\AppData\Local\Temp\{9667A0F7-9B3A-45DE-8A7C-276D3AC82F4A}\GoogleCrashHandler64.exe
2015-04-01 00:31:48 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2015-03-28 22:51:10 FFD052D0F464ADC243C24E71D15C9990 12344 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
2015-03-28 22:51:10 F57DB2F9AD648E513E97B5BCA2F14F46 44760 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SmartFriendAwareness_Ex.exe
2015-03-28 22:51:10 F1B90C9C79298025DB64669CD7F93D1A 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_US.exe
2015-03-28 22:51:10 EEF8E50E55BC6DD97ADFA816ACDB8B0B 48856 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_PCord.exe
2015-03-28 22:51:10 E71B3AB9DDB8A4561F3FC2FB5C80DEB2 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowMemory.exe
2015-03-28 22:51:10 DF2AC1055C406AA66869C95C2FD84A21 17464 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSACIPDetection4.exe
2015-03-28 22:51:10 DDE93A9FB974B6DCDEE299AF055CFFF1 59608 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\WarrantyObjectChecker.exe
2015-03-28 22:51:10 D90FC3A92A8429784FE3119D83A60AB4 31448 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_Darwin_EMEA.exe
2015-03-28 22:51:10 C23490916152CA356B4BDA4A87974B45 35032 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SmartFriendAwareness.exe
2015-03-28 22:51:10 B524A0FAB59C208895913DC82FB3D090 40200 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSACommander.exe
2015-03-28 22:51:10 A6CF2C329B51835BAF9E2A6AD80A00F8 120632 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil7.exe
2015-03-28 22:51:10 A024CEA792E4CD161D664116A81821A8 27352 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_WindowsOLD.exe
2015-03-28 22:51:10 9E847E73C40EDFF3966C94EF4B64C94B 29400 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_Darwin_US.exe
2015-03-28 22:51:10 6A6983390656B73226571BF79A1214AB 37176 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPResignFileLoader.exe
2015-03-28 22:51:10 4FFD25FF66948F6868C9028D4F136940 154424 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe
2015-03-28 22:51:10 3EBC8C7D0478D32A6D191793743458FA 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_EMEA.exe
2015-03-28 22:51:10 1921F0BD86B21AF080F0A260565E2833 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_NSPOS.exe
2015-03-28 22:51:10 10A2EB7A9BF4A8094E95C3148DF4BDF1 31448 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_Darwin_NSPOS.exe
2015-03-28 22:51:10 1059C375192D53514933CBE87E79BA64 21304 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
2015-03-28 22:51:10 01712BD0F1885AB648065FCBF57A0FDD 28376 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SystemRestore.exe
2015-03-28 22:51:09 F9EDD8A064F0FEDEAF812CF5B5EF5E9B 33496 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_AfterUpgradingToWin81.exe
2015-03-28 22:51:09 C4476BF09DBF8FF6B1A19E1C7692659F 26624 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_Ex_US.exe
2015-03-28 22:51:09 AF0D919701B5BE372A276800084E6661 30936 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupPasswordReminder.exe
2015-03-28 22:51:09 AC70A4D490D4D2CD6A0E63E0C66F6D04 27864 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupPasswordReminder_NSPOS.exe
2015-03-28 22:51:09 9C4F8AAFD98D999F7D5707274EE1B23F 37688 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_CoolSense.exe
2015-03-28 22:51:09 8409673B856C3F2AF634B135EF805F50 29912 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_GettingStartedwithWindows8.exe
2015-03-28 22:51:09 7C4B1D7284CE08D53C531651EA59444E 27352 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_NSPOS.exe
2015-03-28 22:51:09 7A1DC920D662880F6EF8A34E21E010B0 30424 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupYourImportantData_US.exe
2015-03-28 22:51:09 698BA1D64B2C178B7069B2D1E0F35A7D 29400 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BackupYourImportantData_EMEA.exe
2015-03-28 22:51:09 58D87CD3D31B52C204A40F19FEF6BF3D 27352 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_EMEA.exe
2015-03-28 22:51:09 5606EFA83C850AB210C38A1C3AE886AE 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_BeforeUpgradingToWin81.exe
2015-03-28 22:51:09 5288FEC36ADB27C8A24623F6DB8858B8 72920 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_toastNotify.exe
2015-03-28 22:51:09 2DA14CADC35E8CAEC6D0FD7D3A5844C2 21208 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_GuestAccount.exe
2015-03-28 22:51:09 06D9888F172A8AC47959DA5DF68270DE 29400 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_LowDiskSpace_US.exe
2015-03-26 02:17:45 4F079107F0D6FA1921F8A2F989864AC4 141399376 ----a-w- C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Belinda\Desktop\wlsetup-all.exe
=== C: other files ==
2015-03-28 22:51:23 E8C84E1C6BA8EC0421074D5D908582E5 289106 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\resources\en-US\hcsolutions.zip
2015-03-28 22:51:19 A61D473456A479A2810245D04FE446B1 1184831 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\resources\guidAcheck.zip
2015-03-28 22:51:14 43605E936FB4BD1F36DBB00E40D5EF97 2103471 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\resources\guid.zip

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [12/20/2009 03:50 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [12/20/2009 03:50 PM]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

500px - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja
Bookmark Manager - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Murder Files - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahggomhaf
Chrome Hotword Shared Module - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Spelunky HTML5 - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof
SiriusXM - Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbdoippffioahmjdapnadeelifajhco

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{22348997-7FD7-4759-AB9D-EB2B7A365617} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR&pc=HPNTDF"
{5742DF86-2217-4B97-B0DB-4167190A778E} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS443"
{80c554b9-c7f8-4a21-9471-06d606da78a2} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE"
{DA8A4A35-6C73-4DEF-BE6A-31CFCE65F453} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS443"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4250258325-1562067111-3671703038-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLFL3QCW will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11599 folders=573 1342406543 bytes)

==== Empty Temp Folders ======================

C:\Users\Belinda\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Belinda\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\WOT"  not found
"C:\Users\Belinda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLFL3QCW" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Tue 03/31/2015 at 21:13:45.08 ======================



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 01 April 2015 - 01:36 PM

Let's do a final check up:

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 04 April 2015 - 03:13 AM

Hi,

3 Day Inactivity

this is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:27 AM

Posted 07 April 2015 - 10:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users